config phase2-interface
Description: Configures VPN autokey tunnel.
Edit <name>
Set *phase1name
Set pfs [enable | disable]
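Set dhgrp [1 | 2 | 5 | 14] (more than one group may be listed, as in the sample below; groups 1, 2 and 5 are weak by current standards, so prefer 14 where the peer supports it)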
Set keylife-type [seconds | kbs]
Set keylifeseconds [120 – 172800]
Set encapsulation [tunnel-mode | transport-mode]
Set protocol [0 – 255]
Set src-addr-type [subnet | range | ip | name]
Set src-subnet {ipv4-subnet}
Set *src-start-ip {ipv4-address} *available when src-addr-type is range or ip
Set *src-end-ip {ipv4-address} *available when src-addr-type is range
Set *src-name {string} *available when src-addr-type is name
Set src-port [0 – 65535]
Set dst-addr-type [subnet | range | ip | name]
Set dst-subnet {ipv4-subnet}
Set *dst-start-ip {ipv4-address} *available when dst-addr-type is range or ip
Set *dst-end-ip {ipv4-address} *available when dst-addr-type is range
Set *dst-name {string} *available when dst-addr-type is name
Set dst-port [0 – 65535]
Unset
Next
Show
Abort
End
Delete <name>
Purge
Show
End
Show
End
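Sample command and output (the proposal list and dhgrp shown include legacy options — 3des, sha1 and DH group 5 — which the tunnel can fall back to if the peer selects them; trim the lists to the strongest options the peer supports):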
FX201E5919000057 (phase2-interface) # show
config vpn ipsec phase2-interface
edit phase2_1
set phase1name phase1_1
set proposal aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256
set pfs enable
set dhgrp 14 5
set keylife-type seconds
set keylifeseconds 43200
set encapsulation tunnel-mode
set protocol 0
set src-addr-type subnet
set src-subnet 0.0.0.0/0
set src-port 0
set dst-addr-type subnet
set dst-subnet 107.204.148.0/24
set dst-port 234
next
end