Command Reference Guide
SROS Command Line Interface Reference Guide IKE Policy Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 379
initiate [main | aggressive]
Use the initiate command to allow the IKE policy to initiate negotiation (in main mode or aggressive
mode) with peers. Use the no form of this command to allow the policy to respond only.
Syntax Description
main Specify to initiate using main mode. Main mode requires that each end of the VPN
tunnel has a static WAN IP address. Main mode is more secure than aggressive
mode because more of the main mode negotiations are encrypted.
aggressive Specify to initiate using aggressive mode. Aggressive mode can be used when
one end of the VPN tunnel has a dynamically assigned address. The side with
the dynamic address has to be the initiator of the traffic and tunnel. The side with
the static address has to be the responder.
Default Values
By default, initiate in main mode is enabled.
Command Modes
(config-ike)# IKE Policy Configuration Mode
Functional Notes
By using the
initiate
and
respond
commands, you can configure the IKE policy to initiate and respond, initiate
only, or respond only. It is an error if you have both
initiate
and
respond
disabled.
Usage Examples (Continued)
The following example enables the Secure Router OS device to initiate IKE negotiation in main mode:
(config-ike)#
initiate main