Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Configuring an IKE group on HUB

To create an Internet Key Exchange (IKE) group, perform the following steps on HUB in configuration mode.

Table 1. Configuring an IKE group on HUB

Step

Command

Create the configuration node for proposal 1 of IKE group IKE-1H.

vyatta@HUB# set security vpn ipsec ike-group IKE-1H proposal 1

(Optional) Specify version 2 of IKE (IKEv2).

vyatta@HUB# set security vpn ipsec ike-group IKE-1W ike-version 2

Set the encryption cipher for proposal 1.

vyatta@HUB# set security vpn ipsec ike-group IKE-1H proposal 1 encryption aes256

Set the hash algorithm for proposal 1.

vyatta@HUB# set security vpn ipsec ike-group IKE-1H proposal 1 hash sha1

Set the encryption cipher for proposal 2. This action also creates the configuration node for proposal 2 of IKE group IKE-1H.

vyatta@HUB# set security vpn ipsec ike-group IKE-1H proposal 2 encryption aes128

Set the hash algorithm for proposal 2.

vyatta@HUB# set security vpn ipsec ike-group IKE-1H proposal 2 hash sha1

Set the lifetime for the whole IKE group.

vyatta@HUB# set security vpn ipsec ike-group IKE-1H lifetime 3600

View the configuration for the IKE group. Do not commit yet.

vyatta@HUB# show vpn ipsec ike-group IKE-1H

>    proposal 1 {
>        encryption aes256
>        hash sha1
>    }
>    proposal 2 {
>        encryption aes128
>        hash sha1
>    }
>    lifetime 3600