This is the documentation for the 19.02 version. Looking for the documentation of the latest version? Have a look here.
Internet Key Exchange (IKE)¶
tnsr(config-ipsec-tun)# crypto config-type ike
Most IPsec tunnels, such as this example, utilize IKE to dynamically handle key
exchange when both parties are negotiating a security association. This is
specified by the
crypto config-type command above. Though static keys are
also supported by TNSR, it is much less common.
tnsr(config-ipsec-tun)# crypto ike tnsr(config-ipsec-crypto-ike)# version 1 tnsr(config-ipsec-crypto-ike)# lifetime 28800
crypto ike command enters IKE mode to configure IPsec IKE behavior,
which is the bulk of the remaining work for most IPsec tunnels.
version <x> command in IKE mode instructs TNSR to use either IKEv1 or
IKEv2. IKEv1 is more common and more widely supported, but IKEv2 is more secure.
lifetime <x> command sets the maximum time for this IKE session to be