Configure an IKE group on EAST
This task creates IKE group IKE-1E on EAST. This IKE group contains two proposals:
- Proposal 1 uses AES-256 as the encryption cipher and SHA-1 as the hash algorithm.
- Proposal 2 uses AES-256 with 128-bit GCM as the encryption cipher.
The IKE version is specified as version 2. IKEv2 is required for the AES encryption with 128-bit GCM.
The lifetime of a proposal from this IKE group is set to 3600.
Note that these parameters correspond to those set in IKE-1W on WEST. You must ensure, in defining proposals, that the encryption ciphers and hash algorithms are such that the two peers will be able to agree on at least one combination.
To create this IKE group, perform the following steps on EAST in configuration mode.
Step | Command |
---|---|
Create the configuration node for proposal 1 of IKE group IKE-1E. |
|
Specify the IKE version (v2). |
|
Set the encryption cipher for proposal 1. |
|
Set the hash algorithm for proposal 1. |
|
Set the encryption cipher for proposal 2. This also creates the configuration node for proposal 2 of IKE group IKE-1E. |
|
Set the hash algorithm for proposal 2. |
|
Set the lifetime for the whole IKE group. |
|
View the configuration for the IKE group. Don't commit yet. |
|