Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
501
(config vpn ipsec tunnel ipsec_example)> ike pad false
(config vpn ipsec tunnel ipsec_example)>
f. Set the amount of time that the IKEsecurity association expiresafter a successful
negotiation and must be re-authenticated:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set phase1_lifetime to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike phase1_lifetime 600s
(config vpn ipsec tunnel ipsec_example)>
The default is three hours.
g. Set the amount of time that the IKEsecurity association expiresafter a successful
negotiation and must be rekeyed.
(config vpn ipsec tunnel ipsec_example)> ike phase2_lifetime value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set phase2_lifetime to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike phase2_lifetime 600s
(config vpn ipsec tunnel ipsec_example)>
The default is one hour.
h. Set a randomizing amount of time before the IPsec tunnel isrenegotiated:
(config vpn ipsec tunnel ipsec_example)> ike lifetime_margin value
(config vpn ipsec tunnel ipsec_example)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set lifetime_margin to ten minutes, enter either 10m or 600s:
(config vpn ipsec tunnel ipsec_example)> ike lifetime_margin 600s
(config vpn ipsec tunnel ipsec_example)>
The default is nine minutes.
i. Configure the typesof encryption, hash, and Diffie-Hellman group to use during phase 1:
i. Add a phase 1proposal:
(config vpn ipsec tunnel ipsec_example)> add ike phase1_proposal
end
(config vpn ipsec tunnel ipsec_example ike phase1_proposal 0)>
To Next Page
Loading...