Initiate main aggressive, Main, Aggressive

SROS Command Line Interface Reference Guide	IKE Policy Command Set

initiate [main aggressive]

Use the initiate command to allow the IKE policy to initiate negotiation (in main mode or aggressive mode) with peers. Use the no form of this command to allow the policy to respond only.

Syntax Description

main	Specify to initiate using main mode. Main mode requires that each end of the VPN
	tunnel has a static WAN IP address. Main mode is more secure than aggressive
	mode because more of the main mode negotiations are encrypted.
aggressive	Specify to initiate using aggressive mode. Aggressive mode can be used when
	one end of the VPN tunnel has a dynamically assigned address. The side with
	the dynamic address has to be the initiator of the traffic and tunnel. The side with
	the static address has to be the responder.

Default Values

By default, initiate in main mode is enabled.

Command Modes

(config-ike)#

IKE Policy Configuration Mode

Functional Notes

By using the initiate and respond commands, you can configure the IKE policy to initiate and respond, initiate only, or respond only. It is an error if you have both initiate and respond disabled.

Usage Examples (Continued)

The following example enables the Secure Router OS device to initiate IKE negotiation in main mode:

(config-ike)#initiate main

5991-2114

379

HP 7000 dl Router manual Initiate main aggressive, Main, Aggressive

Models: 7000 dl Router

IKE Policy Command Set

initiate [main aggressive]

main

aggressive

Functional Notes

Usage Examples (Continued)