|
Navigate to the Services>Ipsec vpn>Ike level in
the configuration hierarchy.
|
- In the configuration editor hierarchy, select Services.
- Next to Ipsec vpn, click Configure.
- Next to Ike, click Configure.
|
From the top of the configuration hierarchy, enter
edit services ipsec-vpn ike
|
|
Configure an IKE policy—for example, ike-dynamic-policy.
|
- Next to Policy, click Add new entry.
- In the Name box, type ike-dynamic-policy.
|
Enter
set policy ike-dynamic-policy
|
|
Configure a preshared key—for example, $1991poPPi—for
IKE in ASCII format.
|
- Next to Pre-shared key, click Configure.
- In the Key choice box, select Ascii text from
the list.
- In the Ascii text box, type the IKE key in plain text.
- Click OK.
|
Enter
set pre-shared-key ascii-text $1991poPPi
|
|
Configure an IPSec rule named ike-rule to act on input traffic,
and to set the IP address of the remote gateway—for example, 10.0.15.2—on
all traffic.
Note:
Because the rule applies to all traffic, you configure only the action
(or then statement) for the term.
|
- From the top of the configuration hierarchy, click Services>Ipsec-vpn.
- Next to Rule, click Add new entry.
- In the Rule name box, type ike-rule.
- In the Match direction box, select Input from
the list.
- Next to Term, click Add new entry.
- In the Term name box, type ike.
- Next to Then, select the Yes check
box and click Configure.
- In the Remote gateway box, type 10.0.15.2.
|
- From the top of the configuration hierarchy, enter
edit services ipsec-vpn
- Enter
set rule ike-rule match-direction input
- Enter
set rule ike-rule term ike then remote-gateway 10.0.15.2
|
|
Configure the IPSec rule ike-rule to reference the IKE policy ike-dynamic-policy for
the IPSec dynamic SA.
|
- In the Sa choice box, select Dynamic.
- Next to Dynamic, click Configure.
- In the Ike policy box, type ike-dynamic-policy.
- Click OK until you return to the Configuration
page.
|
- Enter
edit rule ike-rule term ike .
- Enter
set then dynamic ike-policy ike-dynamic-policy
|