Example: Configuring an IPsec Policy (CLI)

When configuring Phase 2 of an IPsec tunnel, you first configure proposals, then policies, and finally the AutoKey IKE. The following example-based instructions show how to create the policy.

In Phase 2 IPsec policy configuration, you must create a policy and reference a Phase 2 proposal. In this example, you create a policy called ipsec_pol_1 and reference the proposal ipsec_prop_1. You also configure Perfect Forward Secrecy (PFS) to use Diffie-Hellman (DH) group 2 as the method the device uses to generate the encryption key.

To configure an IPsec policy using the CLI editor:

user@host# set security ipsec policy ipsec_pol_1 description "new ipsec policy"
user@host# set security ipsec policy ipsec_pol_1 perfect-forward-secrecy keys group2
user@host# set security ipsec policy ipsec_pol_1 proposals ipsec_prop_1

Use the following command to display information about this IPsec policy:

user@host# show security ipsec policy ipsec_pol_1
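
The PFS setting above selects DH group 2, a 1024-bit MODP group. The following script is an added example, not part of the original page or of Juniper's tooling: it reads set-style IPsec policy commands and reports policies whose PFS group is below 2048 bits, that have no PFS group, or that reference no proposal. The 2048-bit threshold, the policy ipsec_pol_2 and the sample input are assumptions constructed for illustration.

```python
import re
import shlex

# MODP sizes in bits for the DH groups below 2048 bits (RFC 2409 / RFC 3526).
WEAK_DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536}

# Constructed sample: the three commands from this page plus one
# hypothetical policy (ipsec_pol_2) that sets no PFS group.
SAMPLE_CONFIG = '''
set security ipsec policy ipsec_pol_1 description "new ipsec policy"
set security ipsec policy ipsec_pol_1 perfect-forward-secrecy keys group2
set security ipsec policy ipsec_pol_1 proposals ipsec_prop_1
set security ipsec policy ipsec_pol_2 proposals ipsec_prop_1
'''

def parse_policies(config_text):
    """Collect PFS group and proposals per IPsec policy from set commands."""
    policies = {}
    for line in config_text.splitlines():
        line = re.sub(r"^\S+@\S+#\s*", "", line.strip())  # drop CLI prompt
        words = shlex.split(line)
        if words[:4] != ["set", "security", "ipsec", "policy"] or len(words) < 6:
            continue
        entry = policies.setdefault(words[4], {"pfs": None, "proposals": []})
        if words[5:7] == ["perfect-forward-secrecy", "keys"] and len(words) > 7:
            entry["pfs"] = words[7]
        elif words[5] in ("proposals", "proposal-set"):
            # Bracketed lists such as "[ a b ]" split into separate words.
            entry["proposals"].extend(w for w in words[6:] if w not in "[]")
    return policies

def audit(config_text):
    """Return sorted (policy, finding) pairs for the parsed policies."""
    findings = []
    for name, entry in parse_policies(config_text).items():
        if entry["pfs"] is None:
            findings.append((name, "no PFS group configured"))
        elif entry["pfs"] in WEAK_DH_BITS:
            bits = WEAK_DH_BITS[entry["pfs"]]
            findings.append((name, f"PFS uses {entry['pfs']} ({bits}-bit MODP)"))
        if not entry["proposals"]:
            findings.append((name, "no Phase 2 proposal referenced"))
    return sorted(findings)

if __name__ == "__main__":
    for policy, finding in audit(SAMPLE_CONFIG):
        print(f"{policy}: {finding}")
```
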
