Example 3
The following key exchange rule for an IKEv2 phase 1 negotiation uses digital signature authentication:
KeyExchangeRule IKEv2_Example
{
  LocalSecurityEndpointRef Internal_IKED
  RemoteSecurityEndpointRef ZoneA_IKED
  KeyExchangeActionRef IKEv2-DigitalSignature
}
This rule defines the parameters for the IKEv2 phase 1 negotiation between two hosts that are identified by the security endpoints Internal_IKED and ZoneA_IKED (presumed to be defined elsewhere in the policy file). The specifics of the negotiation are covered by the IKEv2-DigitalSignature action as follows:
KeyExchangeAction IKEv2-DigitalSignature
{
  HowToInitiate IKEv2
  HowToAuthMe DigitalSignature
  ReauthInterval 0
  BypassIpValidation Yes
  KeyExchangeOffer
  {
    HowToEncrypt AES_CBC KeyLength 128
    HowToVerifyMsgs HMAC_SHA1_96
    PseudoRandomFunction HMAC_SHA1
    HowToAuthPeers RsaSignature
  }
}
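As an added example (not from this page or the product's own tooling), a small Python parser for this brace-delimited statement syntax that loads the two statements above, follows the rule's KeyExchangeActionRef to its action and offer, and reports a reference to an undefined action as a policy error. The only input it assumes is the sample embedded inline, which is a constructed copy of the rule and action shown above.

```python
POLICY = """KeyExchangeRule IKEv2_Example
{
  LocalSecurityEndpointRef Internal_IKED
  RemoteSecurityEndpointRef ZoneA_IKED
  KeyExchangeActionRef IKEv2-DigitalSignature
}
KeyExchangeAction IKEv2-DigitalSignature
{
  HowToInitiate IKEv2
  HowToAuthMe DigitalSignature
  ReauthInterval 0
  BypassIpValidation Yes
  KeyExchangeOffer
  {
    HowToEncrypt AES_CBC KeyLength 128
    HowToVerifyMsgs HMAC_SHA1_96
    PseudoRandomFunction HMAC_SHA1
    HowToAuthPeers RsaSignature
  }
}
"""  # constructed sample: the two statements from the example above

def _body(lines, i):  # parse lines after a '{' up to the matching '}'
    body = {}
    while lines[i] != "}":
        head, _, rest = lines[i].partition(" ")
        if i + 1 < len(lines) and lines[i + 1] == "{":  # nested block, e.g. KeyExchangeOffer
            body[head], i = _body(lines, i + 2)
        else:  # 'Keyword value...' line; value keeps its trailing words
            body[head], i = rest, i + 1
    return body, i + 1

def parse_policy(text):  # -> {statement_type: {name: body}}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    policy, i = {}, 0
    while i < len(lines):
        kind, _, name = lines[i].partition(" ")
        body, i = _body(lines, i + 2)  # lines[i + 1] is the opening '{'
        policy.setdefault(kind, {})[name] = body
    return policy

def resolve_rule(policy, rule_name):
    """Follow KeyExchangeActionRef to its action; a dangling reference is an error."""
    rule = policy["KeyExchangeRule"][rule_name]
    act = policy.get("KeyExchangeAction", {}).get(rule["KeyExchangeActionRef"])
    if act is None:
        raise ValueError(f"{rule_name}: undefined action {rule['KeyExchangeActionRef']}")
    return {"rule": rule, "action": act, "offer": act["KeyExchangeOffer"]}
```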