CONFIG IPSEC PEER NEW

Level

vpn,modify

History

Appears in Netasq 9.0.0
auto mode appears in Netasq 9.0.1
ikeversion appears in 2.0.0
peeridentifier appears in 3.0.0
reauth appears in 3.5.0
inactivity appears in 3.8.0
ikedscp appears in 3.10.0
useclone appears in 4.2.0
force appears in 4.2.0
sharedsa removed in 4.2.0
backupmode removed in 4.2.0
backuppeer removed in 4.2.0
checkmode removed in 4.2.0
dpd_delay removed in 4.2.0
dpd_retry removed in 4.2.0
dpd_maxfail removed in 4.2.0
xauth method removed in 4.2.1
mobike appears in 4.3.0
unique appears in 4.5.0
UDPEncapPreferred appears in 4.7.2

Description

Create a new peer

Usage

name=<peername> dst=<host|any> src=<host|any> conf=<phase1profile> [comment=<str>] [global=<0|1>] [force=<0|1>] [ikeversion=<1|2>] [dpd_mode=<passive|low|high>] [useclone=<0|1>] [specific mandatory/optional tokens for this authentication method] [specific mandatory/optional tokens for this ike version]
IKEV1 TOKENS
method=<psk|pki|xauth_pki>
[mode=<main|aggressive>]
[responderonly=<0|1>]
[natt=<auto|force>]
[ike_frag=<0|1>]
IKEV2 TOKENS
method=<psk|pki>
[natt=<auto|force>]
[responderonly=<0|1>]
[ike_frag=<0|1>]
[reauth=<0|1>] : Enable the IKE SA reauthentication when it is about to expire (default is 1)
[inactivity=<num>]
[mobike=<0|1>]
PSK TOKENS
[psk=<key>]
[identifier=<asn1dn|user_fqdn|fqdn|ip>]
[peeridentifier=<asn1dn|user_fqdn|fqdn|ip>]
The psk can be specified in the roadwarrior PSKs instead of here.
PKI TOKENS
cert=<certname>
[identifier=<asn1dn|user_fqdn|fqdn|ip>]
[peeridentifier=<asn1dn|user_fqdn|fqdn|ip>]
[peercert=<certname>]
[sendcert=<0|1>]
[sendcr=<0|1>]
In IKEv2, the identifiers have to be confirmed by the certificates.
XAUTH/XAUTH_PKI TOKENS
cert=<certname>
MISC TOKENS
[unique=<keep|replace|no|never>] : enforce a uniqueness policy, using INITIAL_CONTACT notifies
[ikedscp=(""|<0-63>)]
[UDPEncapPreferred=<on|off>] : force UDP encapsulation in DR mode
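
The usage above constrains which tokens may appear together (IKEv1-only versus IKEv2-only tokens, method-specific tokens, enumerated values). As an added example that is not part of the Stormshield/Netasq CLI, the following Python helper renders a CONFIG IPSEC PEER NEW line from a token dict and reports every violation of those rules before anything is sent to the firewall; the function names are assumed, and because the page states no default for ikeversion the helper requires it explicitly.

```python
# Added example, not part of the Stormshield/Netasq CLI: render a CONFIG IPSEC PEER NEW
# line from a dict of tokens and reject combinations the usage above forbids. Helper
# names are assumed; the page states no default for ikeversion, so it is required here.
MANDATORY = ("name", "dst", "src", "conf", "method", "ikeversion")
IKEV1_ONLY = {"mode"}                            # IKEV1 TOKENS only
IKEV2_ONLY = {"reauth", "inactivity", "mobike"}  # IKEV2 TOKENS only
METHODS = {"1": {"psk", "pki", "xauth_pki"}, "2": {"psk", "pki"}}
PKI_ONLY = {"cert", "peercert", "sendcert", "sendcr"}
BOOLS = {"global", "force", "useclone", "responderonly", "ike_frag", "reauth", "mobike",
         "sendcert", "sendcr"}
ID_TYPES = {"asn1dn", "user_fqdn", "fqdn", "ip"}
ENUMS = {"ikeversion": {"1", "2"}, "dpd_mode": {"passive", "low", "high"},
         "mode": {"main", "aggressive"}, "natt": {"auto", "force"},
         "unique": {"keep", "replace", "no", "never"}, "UDPEncapPreferred": {"on", "off"},
         "identifier": ID_TYPES, "peeridentifier": ID_TYPES}


def validate_peer_tokens(tokens):
    """Return a list of problems; an empty list means the token set is consistent."""
    errors = [f"missing mandatory token {k}" for k in MANDATORY if k not in tokens]
    if errors:
        return errors
    ike, method = str(tokens["ikeversion"]), str(tokens["method"])
    if ike in METHODS and method not in METHODS[ike]:
        errors.append(f"method={method} is not allowed with ikeversion={ike}")
    if method != "psk" and "cert" not in tokens:
        errors.append("cert is mandatory for pki and xauth_pki")
    for key, value in tokens.items():
        value = str(value)
        if key in ENUMS and value not in ENUMS[key]:
            errors.append(f"{key}={value} is not one of {sorted(ENUMS[key])}")
        elif key in BOOLS and value not in ("0", "1"):
            errors.append(f"{key} must be 0 or 1")
        elif key == "ikedscp" and value != "" and not (value.isdigit() and int(value) <= 63):
            errors.append('ikedscp must be "" or 0-63')
        if (ike == "1" and key in IKEV2_ONLY) or (ike == "2" and key in IKEV1_ONLY):
            errors.append(f"{key} is not a valid token for ikeversion={ike}")
        if (key in PKI_ONLY and method == "psk") or (key == "psk" and method != "psk"):
            errors.append(f"{key} does not belong to method={method}")
    return errors


def build_peer_command(tokens):
    """Render the CLI line, or raise ValueError listing every inconsistency found."""
    errors = validate_peer_tokens(tokens)
    if errors:
        raise ValueError("; ".join(errors))
    order = list(MANDATORY) + sorted(k for k in tokens if k not in MANDATORY)
    return "CONFIG IPSEC PEER NEW " + " ".join(f"{k}={tokens[k]}" for k in order)
```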

Example

CONFIG IPSEC PEER NEW name=mypeer type=pki dst=host1 src=Firewall_Out conf=myph1 cert=mycert

Cache category clone

ipsec_peer