Virtual Private Networks
Quick Start

Table 10-32. Quick Start Settings for a Client-to-Site VPN

| Parameters | Options | Obtain Setting From | Your Setting |
|---|---|---|---|
| peer ID | any | — | any |
| peer's remote ID | IP address (A.B.C.D); fully-qualified domain name (FQDN); email address; abstract syntax notation distinguished name (ASN-DN), for digital certificates only; any | mobile users. You should either use any or wildcards to match multiple users. If you are using digital certificates, the remote ID should match the corresponding field in authorized certificates. | |
| preshared key (if using) | alphanumeric string | match peer | |
| IKE mode config poolname | alphanumeric string | — | |
| range of private addresses for IKE mode config to assign to mobile users | first A.B.C.D, last A.B.C.D | organizational policy | |
| DNS server(s) for IKE mode config (optional) | A.B.C.D | organizational policy | |
| WINS (NetBIOS) server(s) for IKE mode config (optional) | A.B.C.D | organizational policy | |
| IKE policy number | 1 to 10,000 | highest on the router | |
| initiate mode | none | — | no initiate |
| attribute policy number for IKE SA proposals | 1 to 65,535 | — | |
| IKE authentication method | preshared keys; DSS digital certificates; RSA digital certificates | match peer | |
| IKE SA authentication algorithm | MD5; SHA-1 | match peer | |
| IKE SA encryption algorithm | DES; 3DES; AES 128-bit; AES 192-bit; AES 256-bit | match peer | |
| IKE SA lifetime | 60 to 86,400 seconds | match peer | |