Tip

This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.

orphan:

Internet Key Exchange (IKE)

tnsr(config-ipsec-tun)# crypto config-type ike

Most IPsec tunnels, such as this example, utilize IKE to dynamically handle key exchange when both parties are negotiating a security association. This is specified by the crypto config-type command above. Though static keys are also supported by TNSR, it is much less common.

tnsr(config-ipsec-tun)# crypto ike
tnsr(config-ipsec-crypto-ike)# version 1
tnsr(config-ipsec-crypto-ike)# lifetime 28800

The crypto ike command enters IKE mode to configure IPsec IKE behavior, which is the bulk of the remaining work for most IPsec tunnels.

The version <x> command in IKE mode instructs TNSR to use either IKEv1 or IKEv2. IKEv1 is more common and more widely supported, but IKEv2 is more secure.

The lifetime <x> command sets the maximum time for this IKE session to be valid.

• IKE Proposal
  • Encryption Algorithms
  • Integrity Algorithms
  • Diffie-Hellman Group
• IKE Identity
• IKE Authentication