Virtual Private Networks (VPN) IPsec
Digi Connect IT® 16/48 User Guide
253
ii. Add a phase 2 proposal:
(config vpn ipsec tunnel ipsec_example ike)> add ike phase2_proposal
end
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
iii. Set the type of encryption to use during phase 2:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
cipher value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of 3des, aes128, aes192, aes256, or null. The default is 3des.
iv. Set the type of hash to use during phase 2 to verify communication integrity:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> hash
value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of md5, sha1, sha256, sha384, or sha512. The default is sha1.
v. Set the type of Diffie-Hellman group to use for key exchange during phase 2:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)> dh_
group value
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
where value is one of ecp384, modp768, modp1024, modp1536, modp2048,
modp3072, modp4096, modp6144, or modp8192, . The default is modp1024.
vi. (Optional) Add additional phase 2 proposals:
i. Move back one level in the schema:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 0)>
..
(config vpn ipsec tunnel ipsec_example ike phase2_proposal)>
ii. Add an additional proposal:
(config vpn ipsec tunnel ipsec_example ike phase2_proposal)> add
end
(config vpn ipsec tunnel ipsec_example ike phase2_proposal 1)>
Repeat the above steps to set the type of encryption, hash, and Diffie-Hellman
group for the additional proposal.
iii. Repeat to add more phase 2 proposals.
16. (Optional) Configure dead peer detection:
Dead peer detection is enabled by default. Dead peer detection uses periodic IKE transmissions
to the remote endpoint to detect whether tunnel communications have failed, allowing the
tunnel to be automatically restarted when failure occurs.
To Next Page
Loading...
Need help?
General