In this example, you create a policy called ipsec_pol_1 and reference the proposal ipsec_prop_1. You also configure Perfect Forward Secrecy to use Diffie-Hellman Group 2 as the method the device uses to generate the encryption key.
- user@host# set security ipsec policy ipsec_pol_1 description
"new ipsec policy"
- user@host# set security ipsec policy ipsec_pol_1 perfect-forward-secrecy
keys group2
- user@host# set security ipsec policy ipsec_pol_1 proposals
ipsec_prop_1
Use the following command to display information about this IKE proposal:
- user@host# show security ipsec policy ipsec_pol_1