User's guide
Configuration – Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2 Responder
This page displays the various parameters for IKEv2 0 when used in Responder mode.
Enable IKEv2 Responder
Allows the router to respond to incoming IKE requests.
Accept IKEv2 Requests with
Defines the settings that the router will accept during the negotiation.
Encryption
The acceptable encryption algorithms.
Authentication
The acceptable authentication algorithms.
PRF Algorithm
The acceptable PRF (Pseudo Random Function) algorithms.
MODP Group between x and y
The acceptable range for MODP group.
Renegotiate after h hrs m mins s secs
Determines how long the initial IKE Security Association will stay in force. When it expires,
any attempt to send packets to the remote system will result in IKE attempting to establish
a new SA.
Rekey after h hrs m mins s secs
When the time left until expiry for this SA reaches the value specified by this parameter, the
IKEv2 SA will be renegotiated, i.e. a new IKEv2 SA is negotiated and the old SA is removed.
Any IPSec “child” SAs that were created are retained and become “children” of the new SA.
Related CLI Commands

Entity  Instance  Parameter    Values          Equivalent Web Parameter
ike2    0         rencalgs     des, 3des, aes  Encryption
ike2    0         renckeybits  128, 192, 256   Encryption (Minimum AES key length)
ike2    0         rauthalgs    md5, sha1       Authentication
ike2    0         rprfalgs     md5, sha1       PRF Algorithm
ike2    0         rdhmingroup  1, 2, 5         MODP Group between x and y
ike2    0         rdhmaxgroup  1, 2, 5         MODP Group between x and y
ike2    0         ltime        1 - 28800       Renegotiate after h hrs m mins s secs
                                               This CLI value is entered in seconds only.
ike2    0         rekeyltime   1 - 28800       Rekey after h hrs m mins s secs
                                               This CLI value is entered in seconds only.
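
The following is an added example, not part of the original guide or the vendor's software: a Python check that reads responder settings written as the Related CLI Commands listed above and reports any value weaker than the strongest options this page lists, plus a rekey time that is not shorter than the SA lifetime. The one-setting-per-line, comma-separated input format, the 256-bit key policy and the two sample configurations are assumptions made for the example.

```python
# Added example, not vendor code. Assumption: settings arrive one per line as
# "<entity> <instance> <parameter> <value>", multiple values comma-separated.
WEAK = {"rencalgs": {"des", "3des"}, "rauthalgs": {"md5"}, "rprfalgs": {"md5"}}
MIN_DH_GROUP = 5    # highest MODP group this page lists
MIN_AES_BITS = 256  # policy choice made for this example

def parse(text, instance="0"):
    """Collect {parameter: value} from 'ike2 <instance> ...' lines."""
    params = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[:2] == ["ike2", instance]:
            params[parts[2]] = parts[3].strip().strip('"').lower()
    return params

def audit(text, instance="0"):
    """Return a list of findings; an empty list means the policy is met."""
    p, findings = parse(text, instance), []
    for param, weak in WEAK.items():
        offered = {a.strip() for a in p.get(param, "").split(",")}
        findings += [f"{param}: accepts {a}" for a in sorted(offered & weak)]
    if "renckeybits" in p and int(p["renckeybits"]) < MIN_AES_BITS:
        findings.append(f"renckeybits: minimum AES key length is {p['renckeybits']}")
    lo, hi = p.get("rdhmingroup"), p.get("rdhmaxgroup")
    if lo is not None and int(lo) < MIN_DH_GROUP:
        findings.append(f"rdhmingroup: MODP group {lo} is accepted")
    if lo is not None and hi is not None and int(lo) > int(hi):
        findings.append("rdhmingroup is greater than rdhmaxgroup")
    for name in ("ltime", "rekeyltime"):
        if name in p and not 1 <= int(p[name]) <= 28800:
            findings.append(f"{name}: outside 1-28800 seconds")
    # rekeyltime is the time left before expiry at which the rekey starts,
    # so it has to be shorter than the SA lifetime itself.
    if "ltime" in p and "rekeyltime" in p and int(p["rekeyltime"]) >= int(p["ltime"]):
        findings.append("rekeyltime: not shorter than ltime")
    return findings

# Constructed sample configurations (not taken from a real device).
PERMISSIVE = "\n".join([
    "ike2 0 rencalgs des,3des,aes", "ike2 0 renckeybits 128",
    "ike2 0 rauthalgs md5,sha1", "ike2 0 rprfalgs md5,sha1",
    "ike2 0 rdhmingroup 1", "ike2 0 rdhmaxgroup 5",
    "ike2 0 ltime 28800", "ike2 0 rekeyltime 28800"])
HARDENED = "\n".join([
    "ike2 0 rencalgs aes", "ike2 0 renckeybits 256",
    "ike2 0 rauthalgs sha1", "ike2 0 rprfalgs sha1",
    "ike2 0 rdhmingroup 5", "ike2 0 rdhmaxgroup 5",
    "ike2 0 ltime 28800", "ike2 0 rekeyltime 600"])
if __name__ == "__main__":
    print("\n".join(audit(PERMISSIVE)) or "no findings")
```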