When configuring Phase 2 of an IPsec tunnel, you first configure proposals, then policies, and finally you configure IPsec AutoKey (IKE). The following example-based instructions show how to configure the IPsec AutoKey.
Before You Begin
For background information about standard IPsec VPNs, read:
For background information about dynamic IPsec VPNs, read:
In Phase 2 IPsec AutoKey configuration, you must create a VPN tunnel name, specify a gateway, and reference a Phase 2 policy. If you are using Route mode, you must bind the tunnel to an interface. In this example, you create a VPN tunnel named vpn_1 and bind it to interface st0.0, and you specify ike_gateway_1 as the gateway for the VPN tunnel and reference the IPsec policy ipsec_pol_1.
To configure AutoKey IKE, use either the J-Web or the CLI configuration editor. (For information about configuring IPsec AutoKey using J-Web Quick Configuration pages, see Configuring IPsec Autokey—Quick Configuration (Standard VPNs)or Configuring an IPsec Autokey—Quick Configuration (Dynamic VPNs).)
This topic covers:
To configure an IPsec Autokey in J-Web:
To configure an IPsec Autokey using the CLI editor:
- user@host# set security ipsec vpn vpn_1 bind-interface st0.0
- user@host# set security ipsec vpn vpn_1 ike gateway ike_gateway_1
- user@host# set security ipsec vpn vpn_1 ike ipsec-policy ipsec_pol_1
Use the following command to display information about this IKE proposal: