CONFIG IPSEC PEER NEW

Level

vpn+modify

History

Appears in Netasq 9.0.0
auto mode appears in Netasq 9.0.1
ikeversion appears in 2.0.0
peeridentifier appears in 3.0.0
reauth appears in 3.5.0
inactivity appears in 3.8.0
ikedscp appears in 3.10.0
useclone appears in 4.2.0
force appears in 4.2.0
sharedsa removed in 4.2.0
backupmode removed in 4.2.0
backuppeer removed in 4.2.0
checkmode removed in 4.2.0
dpd_delay removed in 4.2.0
dpd_retry removed in 4.2.0
dpd_maxfail removed in 4.2.0
xauth method removed in 4.2.1

Description

Create a new peer

Usage

name=<peername> dst=<host|any> src=<host|any> conf=<phase1profile> [comment=<str>] [global=<0|1>] [force=<0|1>] [ikeversion=<1|2>] [dpd_mode=<passive|low|high>] [useclone=<0|1>] [specific mandatory/optional tokens for this authentication method] [specific mandatory/optional tokens for this ike version]

IKEV1 TOKENS
method=<psk|pki|xauth_pki>
[mode=<main|aggressive>]
[responderonly=<0|1>]
[natt=<auto|force>]
[ike_frag=<0|1>]

IKEV2 TOKENS
method=<psk|pki>
[natt=<auto|force>]
[responderonly=<0|1>]
[ike_frag=<0|1>]
[reauth=<0|1>] : Enable the IKE SA reauthentication when it is about to expire (default is 1)
[inactivity=<num>]

PSK TOKENS
[psk=<key>]
[identifier=<asn1dn|user_fqdn|fqdn|ip>]
[peeridentifier=<asn1dn|user_fqdn|fqdn|ip>]
The psk can be specified in roadwarrior psks instead of here.

PKI TOKENS
cert=<certname>
[identifier=<asn1dn|user_fqdn|fqdn|ip>]
[peeridentifier=<asn1dn|user_fqdn|fqdn|ip>]
[peercert=<certname>]
[sendcert=<0|1>]
[sendcr=<0|1>]
In IKEv2, the identifiers have to be confirmed by the certificates.

XAUTH/XAUTH_PKI TOKENS
cert=<certname>

TOS TOKENS
[ikedscp=(""|<0-56>)]
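The token rules from the Usage and History sections, as an added example that is not code from the product or its documentation: a Python linter that flags tokens which do not apply to the chosen IKE version or authentication method, and tokens listed as removed. The name `lint_peer_new`, the sample command line and the handling of a missing `ikeversion` are assumptions of this example.

```python
import shlex

# Token sets transcribed from the Usage and History sections of this page.
COMMON = {"name", "dst", "src", "conf", "comment", "global", "force",
          "ikeversion", "dpd_mode", "useclone", "method", "ikedscp"}
IKE = {"1": {"mode", "responderonly", "natt", "ike_frag"},
       "2": {"natt", "responderonly", "ike_frag", "reauth", "inactivity"}}
AUTH = {"psk": {"psk", "identifier", "peeridentifier"},
        "pki": {"cert", "identifier", "peeridentifier", "peercert",
                "sendcert", "sendcr"},
        "xauth_pki": {"cert"}}
METHODS = {"1": {"psk", "pki", "xauth_pki"}, "2": {"psk", "pki"}}
REMOVED = {"sharedsa", "backupmode", "backuppeer", "checkmode",
           "dpd_delay", "dpd_retry", "dpd_maxfail"}  # removed in 4.2.0
ENUMS = {"ikeversion": {"1", "2"}, "mode": {"main", "aggressive"},
         "natt": {"auto", "force"}, "dpd_mode": {"passive", "low", "high"}}
PREFIX = "CONFIG IPSEC PEER NEW"


def lint_peer_new(line):
    """Return a sorted list of findings for one CONFIG IPSEC PEER NEW line."""
    line = line.strip()
    if not line.upper().startswith(PREFIX):
        return ["not a CONFIG IPSEC PEER NEW command"]
    pairs = [w.partition("=") for w in shlex.split(line[len(PREFIX):])]
    args = {k.lower(): v for k, _, v in pairs}
    out = [f"missing mandatory token: {t}"
           for t in ("name", "dst", "src", "conf", "method") if t not in args]
    out += [f"{k}={v} is not an allowed value" for k, v in args.items()
            if k in ENUMS and v not in ENUMS[k]]
    ike, method = args.get("ikeversion"), args.get("method")
    # Assumption: the page gives no ikeversion default, so accept both if absent.
    versions = [ike] if ike in IKE else list(IKE)
    allowed = COMMON | AUTH.get(method, set()).union(*(IKE[v] for v in versions))
    if method and not any(method in METHODS[v] for v in versions):
        out.append(f"method={method} is not listed for ikeversion={ike}")
    if method in ("pki", "xauth_pki") and "cert" not in args:
        out.append(f"method={method} requires cert")
    for k in args:
        if k in REMOVED:
            out.append(f"{k} was removed in 4.2.0")
        elif k not in allowed:
            out.append(f"{k} does not apply to this method/ikeversion")
    return sorted(out)

if __name__ == "__main__":
    # Constructed command line, not taken from a real configuration.
    print(lint_peer_new("CONFIG IPSEC PEER NEW name=old dst=any src=any conf=myph1 "
                        "ikeversion=2 method=xauth_pki mode=aggressive dpd_delay=30"))
```

The linter follows the Usage section only, so a token spelled differently from that section is reported as not applicable.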

Example

CONFIG IPSEC PEER NEW name=mypeer type=pki dst=host1 src=Firewall_Out conf=myph1 cert=mycert

CACHE_CATEGORY_CLONE ipsec_peer