IKEv2 is configured under .
- VPN connections: In this section, you configure the IKEv2 VPN connections and the connection parameters.
- Authentication: This table is used to define the identities for your VPN connections.
- Digital signature profile: This table is used to specify the authentication methods for your VPN connections.
- Encryption: This table is used to set the encryption parameters.
- Addresses for dial-in access (CFG mode server): Use these tables to specify the parameters that the device, acting as CFG mode server, assigns to the dial-in clients. IKEv2 supports Split DNS. This is configured under Split DNS domains and Split DNS profiles.
- Extended settings: This section is used to configure the settings for the authentication of other remote identities, the IKEv2 rekeying parameters, and the prefixes for IKEv2 routing.
- Load balancer: Use this section to configure the settings for the IKEv2 load balancer.
In order to configure an IKEv2 connection, you first need to make an entry in the Connection list. LCOS contains default entries in order to minimize the effort of configuration. Most of these entries contain default parameters with common settings for strong encryption algorithms, dead-peer-detection, and lifetimes. All you need to do is specify the address of the VPN remote peer, the authentication parameters (under Authentication), and the VPN rules (under ).
Note: The CLI command show vpn displays whether the VPN connection was established successfully.