Vyatta Network OS Documentation


Configuring an ESP group on SPOKE2

To create an ESP group, perform the following steps on SPOKE2 in configuration mode.

Table 1. Configuring an ESP group on SPOKE2

Step

Command

Create the configuration node for proposal 1 of ESP group ESP-1S.

vyatta@SPOKE2# set security vpn ipsec esp-group ESP-1S proposal 1 

Set the encryption cipher for proposal 1.

vyatta@SPOKE2# set security vpn ipsec esp-group ESP-1S proposal 1 encryption aes256

Set the hash algorithm for proposal 1.

vyatta@SPOKE2# set security vpn ipsec esp-group ESP-1S proposal 1 hash sha1

Set the encryption cipher for proposal 2. This action also creates the configuration node for proposal 2 of ESP group ESP-1S.

vyatta@SPOKE2# set security vpn ipsec esp-group ESP-1S proposal 2 encryption aes128gcm128

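Set the hash algorithm for proposal 2. Because aes128gcm128 is an authenticated (AEAD) cipher that provides its own integrity check, the hash is set to null.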

vyatta@SPOKE2# set security vpn ipsec esp-group ESP-1S proposal 2 hash null

Set the lifetime for the whole ESP group.

vyatta@SPOKE2# set security vpn ipsec esp-group ESP-1S lifetime 1800

View the configuration for the ESP group. Do not commit yet.

vyatta@SPOKE2# show security vpn ipsec esp-group ESP-1S

>    proposal 1 {
>        encryption aes256
>        hash sha1
>    }
>    proposal 2 {
>        encryption aes128gcm128
>        hash null
>    }
>    lifetime 1800
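
Before committing, the uncommitted ESP group can be checked offline. The following is an added example, not part of the Vyatta documentation: it parses the output shown above and reports any proposal that has neither an AEAD cipher nor a hash. The function names, the rule that a cipher name containing "gcm" is AEAD, and the sha1 review note are assumptions of this example.

```python
import re

# Constructed sample: the SPOKE2 output shown above, including the ">" markers.
SAMPLE = """\
>    proposal 1 {
>        encryption aes256
>        hash sha1
>    }
>    proposal 2 {
>        encryption aes128gcm128
>        hash null
>    }
>    lifetime 1800
"""

def parse_esp_group(text):
    """Parse esp-group show output into {'proposals': {n: {...}}, 'lifetime': int}."""
    group = {"proposals": {}, "lifetime": None}
    current = None
    for raw in text.splitlines():
        line = raw.lstrip(">+- \t").strip()  # drop change markers and indentation
        if m := re.fullmatch(r"proposal (\d+) \{", line):
            current = group["proposals"].setdefault(int(m.group(1)), {})
        elif line == "}":
            current = None
        elif current is not None and (m := re.fullmatch(r"(encryption|hash) (\S+)", line)):
            current[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"lifetime (\d+)", line):
            group["lifetime"] = int(m.group(1))
    return group

def audit(group):
    """Return (proposal number, finding) pairs; an empty list means no findings."""
    findings = []
    for num, p in sorted(group["proposals"].items()):
        enc, mac = p.get("encryption"), p.get("hash")
        aead = enc is not None and "gcm" in enc  # assumption: GCM names mark AEAD ciphers
        if enc is None:
            findings.append((num, "no encryption cipher set"))
        elif aead and mac != "null":
            findings.append((num, "AEAD cipher should use hash null"))
        elif not aead and mac in (None, "null"):
            findings.append((num, "no integrity protection"))
        elif mac == "sha1":  # policy assumption of this example
            findings.append((num, "sha1 hash: review against algorithm policy"))
    return findings
```

For the configuration above, audit(parse_esp_group(SAMPLE)) reports only the sha1 review note on proposal 1; proposal 2 passes because its GCM cipher supplies the integrity check.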