config vpn ipsec phase2-interface

Configure VPN autokey tunnel.

Syntax

config vpn ipsec phase2-interface
    edit <name>
        set dst-end-ip {ipv4-address-any}
        set dst-name {string}
        set dst-start-ip {ipv4-address-any}
        set dst-subnet {ipv4-classnet-any}
        set keylifeseconds {integer}
        set phase1name {string}
        set proposal {option1}, {option2}, ...
        set src-addr-type [subnet|range|...]
        set src-end-ip {ipv4-address-any}
        set src-name {string}
        set src-start-ip {ipv4-address-any}
        set src-subnet {ipv4-classnet-any}
    next
end

config vpn ipsec phase2-interface

Parameter

Description

Type

Size

Default

dst-end-ip

Remote proxy ID IPv4 end.

ipv4-address-any

Not Specified

0.0.0.0

dst-name

Remote proxy ID name.

string

Maximum length: 79

dst-start-ip

Remote proxy ID IPv4 start.

ipv4-address-any

Not Specified

0.0.0.0

dst-subnet

Remote proxy ID IPv4 subnet.

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

keylifeseconds

Phase2 key life in time in seconds.

integer

Minimum value: 120 Maximum value: 172800

43200

phase1name

Phase 1 determines the options required for phase 2.

string

Maximum length: 15

proposal

Phase2 proposal.

option

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

Option	Description
aes128-sha1	aes128-sha1
aes128-sha256	aes128-sha256
aes128-sha384	aes128-sha384
aes128-sha512	aes128-sha512
aes192-sha1	aes192-sha1
aes192-sha256	aes192-sha256
aes192-sha384	aes192-sha384
aes192-sha512	aes192-sha512
aes256-sha1	aes256-sha1
aes256-sha256	aes256-sha256
aes256-sha384	aes256-sha384
aes256-sha512	aes256-sha512
aes128gcm	aes128gcm
aes256gcm	aes256gcm
chacha20poly1305	chacha20poly1305

src-addr-type

Local proxy ID type.

option

subnet

Option	Description
subnet	IPv4 subnet.
range	IPv4 range.
ip	IPv4 IP.
name	IPv4 firewall address or group name.

src-end-ip

Local proxy ID end.

ipv4-address-any

Not Specified

0.0.0.0

src-name

Local proxy ID name.

string

Maximum length: 79

src-start-ip

Local proxy ID start.

ipv4-address-any

Not Specified

0.0.0.0

src-subnet

Local proxy ID subnet.

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

config vpn ipsec phase2-interface

Configure VPN autokey tunnel.

Syntax

config vpn ipsec phase2-interface
    edit <name>
        set dst-end-ip {ipv4-address-any}
        set dst-name {string}
        set dst-start-ip {ipv4-address-any}
        set dst-subnet {ipv4-classnet-any}
        set keylifeseconds {integer}
        set phase1name {string}
        set proposal {option1}, {option2}, ...
        set src-addr-type [subnet|range|...]
        set src-end-ip {ipv4-address-any}
        set src-name {string}
        set src-start-ip {ipv4-address-any}
        set src-subnet {ipv4-classnet-any}
    next
end

config vpn ipsec phase2-interface

Parameter

Description

Type

Size

Default

dst-end-ip

Remote proxy ID IPv4 end.

ipv4-address-any

Not Specified

0.0.0.0

dst-name

Remote proxy ID name.

string

Maximum length: 79

dst-start-ip

Remote proxy ID IPv4 start.

ipv4-address-any

Not Specified

0.0.0.0

dst-subnet

Remote proxy ID IPv4 subnet.

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

keylifeseconds

Phase2 key life in time in seconds.

integer

Minimum value: 120 Maximum value: 172800

43200

phase1name

Phase 1 determines the options required for phase 2.

string

Maximum length: 15

proposal

Phase2 proposal.

option

aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305

Option	Description
aes128-sha1	aes128-sha1
aes128-sha256	aes128-sha256
aes128-sha384	aes128-sha384
aes128-sha512	aes128-sha512
aes192-sha1	aes192-sha1
aes192-sha256	aes192-sha256
aes192-sha384	aes192-sha384
aes192-sha512	aes192-sha512
aes256-sha1	aes256-sha1
aes256-sha256	aes256-sha256
aes256-sha384	aes256-sha384
aes256-sha512	aes256-sha512
aes128gcm	aes128gcm
aes256gcm	aes256gcm
chacha20poly1305	chacha20poly1305

src-addr-type

Local proxy ID type.

option

subnet

Option	Description
subnet	IPv4 subnet.
range	IPv4 range.
ip	IPv4 IP.
name	IPv4 firewall address or group name.

src-end-ip

Local proxy ID end.

ipv4-address-any

Not Specified

0.0.0.0

src-name

Local proxy ID name.

string

Maximum length: 79

src-start-ip

Local proxy ID start.

ipv4-address-any

Not Specified

0.0.0.0

src-subnet

Local proxy ID subnet.

ipv4-classnet-any

Not Specified

0.0.0.0 0.0.0.0

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

CLI Reference

config vpn ipsec phase2-interface

config vpn ipsec phase2-interface

Syntax

config vpn ipsec phase2-interface

config vpn ipsec phase2-interface

config vpn ipsec phase2-interface

Syntax

config vpn ipsec phase2-interface