When configuring Phase 1 of an IPsec tunnel using IKE, you first configure proposals, then policies, and finally you configure the gateway. The following example-based instructions show how to create the policy portion of the IKE gateway.
Before You Begin

For background information about standard IPsec VPNs, read:

For background information about dynamic IPsec VPNs, read:
During policy configuration, you must set the mode in which the Phase 1 channel will be negotiated, specify the type of key exchange to be used, and reference the Phase 1 proposal. In this example, you create a policy called ike_pol_1, specify that participants exchange proposals in aggressive mode, and reference the proposal called ike_prop_1. You specify that the preshared key be of type ASCII, and enter the key.
Note: When configuring an IKE policy for the dynamic VPN feature, you must set the mode to aggressive. You must also use preshared keys rather than manual keys or certificates.
To configure IKE policies, use the J-Web or CLI configuration editor. (For information about configuring IKE policies using J-Web Quick Configuration pages, see Configuring an IKE Policy—Quick Configuration (Standard VPNs) or Configuring an IKE Policy—Quick Configuration (Dynamic VPNs).)
This topic covers:
To configure an IKE policy in J-Web:
To configure an IKE policy using the CLI Editor:
- user@host# set security ike policy ike_pol_1 mode aggressive
- user@host# set security ike policy ike_pol_1 description "new ike policy"
- user@host# set security ike policy ike_pol_1 proposals ike_prop_1
- user@host# set security ike policy ike_pol_1 pre-shared-key ascii-text "$9$UQiqf36A1RSTzRSreXxDik.Tzn/CuBI"
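An added example, not part of the original documentation: a Python audit that parses set-style IKE policy commands like the ones above and flags settings a reviewer should look at. The ike_pol_2 lines, the placeholder secret, and the finding names are constructed for illustration, and treating an unset mode as main is an assumption.

```python
import shlex
from collections import defaultdict

# Constructed sample: the page's four commands (secret replaced by a placeholder)
# plus a hypothetical second policy, ike_pol_2, that references no proposal.
SAMPLE_CONFIG = '''
set security ike policy ike_pol_1 mode aggressive
set security ike policy ike_pol_1 description "new ike policy"
set security ike policy ike_pol_1 proposals ike_prop_1
set security ike policy ike_pol_1 pre-shared-key ascii-text "$9$CONSTRUCTED-PLACEHOLDER"
set security ike policy ike_pol_2 mode main
set security ike policy ike_pol_2 pre-shared-key ascii-text "$9$CONSTRUCTED-PLACEHOLDER"
'''

PREFIX = ["set", "security", "ike", "policy"]


def parse_ike_policies(config_text):
    """Group 'set security ike policy <name> <statement> <args>' lines by policy."""
    policies = defaultdict(dict)
    for line in config_text.splitlines():
        tokens = shlex.split(line)  # keeps quoted descriptions and keys whole
        if tokens[:4] != PREFIX or len(tokens) < 7:
            continue
        name, statement, args = tokens[4], tokens[5], tokens[6:]
        policies[name][statement] = args
    return dict(policies)


def audit_ike_policies(policies):
    """Return sorted (policy, finding) pairs; finding names are this example's own."""
    findings = []
    for name, stmts in policies.items():
        mode = stmts.get("mode", ["main"])[0]  # assumption: main mode when unset
        psk = stmts.get("pre-shared-key", [])
        # Aggressive mode exposes a PSK-derived hash before the peer is
        # authenticated, so the key must be long and random.
        if mode == "aggressive" and psk:
            findings.append((name, "aggressive-mode-with-psk"))
        # $9$ is Junos's reversible obfuscation, not encryption: treat any
        # config file containing it as holding the secret itself.
        if len(psk) == 2 and psk[1].startswith("$9$"):
            findings.append((name, "psk-reversible-encoding"))
        # The page requires each policy to reference a Phase 1 proposal.
        if "proposals" not in stmts and "proposal-set" not in stmts:
            findings.append((name, "no-phase1-proposal"))
    return sorted(findings)


if __name__ == "__main__":
    for policy, finding in audit_ike_policies(parse_ike_policies(SAMPLE_CONFIG)):
        print(f"{policy}: {finding}")
```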
Use the following command to display information about this IKE policy: