In this example, you create an IKE proposal called ike_prop_1 and specify that peers use preshared keys for encryption and decryption, and that they use Diffie-Helman group 2 to produce the shared secret for the keys. You specify md5 as the authentication algorithm, and 3DES cypher block chaining (CBC) for encryption. And you specify that after 300 seconds the participants renegotiate a new SA.
- user@host# set security ike proposal ike_prop_1 description
"new ike proposal"
- user@host# set security ike proposal ike_prop_1 authentication-method
pre-shared-keys
- user@host# set security ike proposal ike_prop_1 dh-group
group2
- user@host# set security ike proposal ike_prop_1 authentication-algorithm
md5
- user@host# set security ike proposal ike_prop_1 encryption-algorithm
3des-cbc
- user@host# set security ike proposal ike_prop_1 lifetime-seconds
300
Use the following command to display information about IKE proposals:
- user@host# show security ike