Vyatta Network OS Documentation

Configuring an IKE group on SPOKE1

To create an IKE group, perform the following steps on SPOKE1 in configuration mode.

Table 1. Configuring an IKE group on SPOKE1

| Step | Command |
| --- | --- |
| Create the configuration node for proposal 1 of IKE group IKE-1S. | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S proposal 1 |
| (Optional) Specify version 2 of IKE (IKEv2). | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S ike-version 2 |
| Set the encryption cipher for proposal 1. | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S proposal 1 encryption aes256 |
| Set the hash algorithm for proposal 1. | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S proposal 1 hash sha1 |
| Set the encryption cipher for proposal 2. This action also creates the configuration node for proposal 2 of IKE group IKE-1S. | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S proposal 2 encryption aes128 |
| Set the hash algorithm for proposal 2. | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S proposal 2 hash sha1 |
| Set the lifetime for the whole IKE group. | vyatta@SPOKE1# set security vpn ipsec ike-group IKE-1S lifetime 3600 |
| View the configuration for the IKE group. Do not commit yet. | vyatta@SPOKE1# show security vpn ipsec ike-group IKE-1S |

>    proposal 1 {
>        encryption aes256
>        hash sha1
>    }
>    proposal 2 {
>        encryption aes128
>        hash sha1
>    }
>    lifetime 3600
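
Because a peer can negotiate any proposal in the group, each one is worth checking against a baseline before the commit. The following is an added example, not Vyatta's own tooling: it parses the `show` output above and reports settings that a local baseline flags. The `POLICY` values and the function names are assumptions for illustration.

```python
import re

# Constructed sample: the `show` output from this page, ">" prefixes included.
SHOW_OUTPUT = """\
>    proposal 1 {
>        encryption aes256
>        hash sha1
>    }
>    proposal 2 {
>        encryption aes128
>        hash sha1
>    }
>    lifetime 3600
"""
# Hypothetical local baseline (assumption, not Vyatta guidance): values to flag.
POLICY = {"hash": {"md5", "sha1"}, "encryption": {"3des"}, "max_lifetime": 28800}

def parse_ike_group(text):
    """Parse the brace-delimited block into per-proposal and group-level settings."""
    group = {"proposals": {}, "settings": {}}
    current = None  # proposal number while inside "proposal N { ... }"
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        match = re.fullmatch(r"proposal (\d+) \{", line)
        if match:
            current = int(match.group(1))
            group["proposals"][current] = {}
        elif line == "}":
            current = None
        elif line:
            key, _, value = line.partition(" ")
            target = group["settings"] if current is None else group["proposals"][current]
            target[key] = value
    return group

def audit(group, policy=POLICY):
    """Return one finding per proposal field that is unset or flagged by the baseline."""
    findings = []
    for num, proposal in sorted(group["proposals"].items()):
        for field in ("encryption", "hash"):
            value = proposal.get(field)
            if value is None:
                findings.append(f"proposal {num}: {field} not set")
            elif value in policy[field]:
                findings.append(f"proposal {num}: {field} {value} flagged by baseline")
    lifetime = int(group["settings"].get("lifetime", 0))
    if lifetime > policy["max_lifetime"]:
        findings.append(f"lifetime {lifetime}s exceeds {policy['max_lifetime']}s")
    return findings
```

Calling `audit(parse_ike_group(SHOW_OUTPUT))` returns one finding per proposal for this page's configuration, since both use `hash sha1`.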