Virtual Private Networks (VPN) IPsec
IX20 User Guide
• keyid: The ID will be interpreted as a Key ID and sent as an ID_KEY_ID IKE identity.
Set the key ID:
(config vpn ipsec tunnel ipsec_example)> remote id type keyid_id id
(config vpn ipsec tunnel ipsec_example)>
• mac_address: The device's MAC address will be used for the Key ID and sent as an ID_KEY_ID IKE identity.
• serial_number: The device's serial number will be used for the Key ID and sent as an ID_KEY_ID IKE identity.
15. Configure IKE settings:
a. Set the IKE version:
(config vpn ipsec tunnel ipsec_example)> ike version value
(config vpn ipsec tunnel ipsec_example)>
where value is either ikev1 or ikev2. This setting must match the peer's IKE version.
b. Determine whether the device should initiate the key exchange, rather than waiting for an
incoming request. By default, the device will initiate the key exchange. This must be
disabled if remote hostname is set to any. To disable:
(config vpn ipsec tunnel ipsec_example)> ike initiate false
(config vpn ipsec tunnel ipsec_example)>
c. Set the IKE phase 1 mode:
(config vpn ipsec tunnel ipsec_example)> ike mode value
(config vpn ipsec tunnel ipsec_example)>
where value is either aggressive or main.
d. Set the IKE fragmentation:
(config vpn ipsec tunnel ipsec_example)> ike fragmentation value
(config vpn ipsec tunnel ipsec_example)>
where value is one of:
• if_supported: Send oversized IKE messages in fragments, if the peer supports receiving them.
• always: Always send IKEv1 messages in fragments. For IKEv2, this option is equivalent to if_supported.
• never: Do not send oversized IKE messages in fragments.
• accept: Do not send oversized IKE messages in fragments, but announce support for fragmentation to the peer.
The default is always.
e. Padding of IKE packets is enabled by default and should normally not be disabled except
for compatibility purposes. To disable: