crypto-remote-vpn-client commands

Configures IKEv2 peers and assigns them priorities for use with remote VPN client connections. A maximum of three (3) peers can be added to support redundancy.

IKEv2 uses an initial handshake in which VPN peers negotiate cryptographic algorithms, mutually authenticate, and establish a session key, creating an IKE-SA. Additionally, a first IPSec SA is established during the initial SA creation. All IKEv2 messages are request/response pairs. It is the responsibility of the side sending the request to retransmit if it does not receive a timely response.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


peer <1-3> ikev2 <IKEV2-PEER-NAME>


peer <1-3> – Adds an IKEv2 peer. You can add a maximum of three (3) peers to achieve redundancy.
  • <1-3> – Specify a priority level for the peer from 1 - 3 (1 = primary, 2 = secondary, and 3 = redundant).
ikev2 <IKEV2-PEER-NAME> – Specify the IKEv2 peer's name.
Note: The peer must already exist and be configured. To configure an IKEv2 peer, use the crypto > ikev2 > peer > <IKEv2-PEER-NAME> command.


rfs4000-229D58(config-profile-testRFS4000-crypto-ikev2-remote-vpn-client)#peer 1 ikev2 ikev2Peer1

rfs4000-229D58(config-profile-testRFS4000-crypto-ikev2-remote-vpn-client)#peer 2 ikev2 ikev2Peer2

rfs4000-229D58(config-profile-testRFS4000-crypto-ikev2-remote-vpn-client)#show context
 crypto remote-vpn-client
  peer 1 ikev2 ikev2Peer1
  peer 2 ikev2 ikev2Peer2
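
The rules above (priorities 1 to 3, at most three peers, every referenced peer already configured) can be checked offline against saved show context output. The following Python audit is an added example, not part of the original reference or the vendor's tooling. It assumes that peer definitions appear in the saved configuration as lines of the form crypto ikev2 peer <NAME>; the function name and both sample configurations are constructed for illustration.

```python
import re

PEER_DEF = re.compile(r"^\s*crypto ikev2 peer (\S+)\s*$")  # assumed definition line format
PEER_REF = re.compile(r"^\s*peer (\d+) ikev2 (\S+)\s*$")   # syntax documented on this page

# Constructed samples modelled on the 'show context' output above.
SAMPLE_OK = """\
 crypto ikev2 peer ikev2Peer1
 crypto ikev2 peer ikev2Peer2
 crypto remote-vpn-client
  peer 1 ikev2 ikev2Peer1
  peer 2 ikev2 ikev2Peer2
"""
SAMPLE_BAD = """\
 crypto ikev2 peer ikev2Peer1
 crypto remote-vpn-client
  peer 1 ikev2 ikev2Peer1
  peer 1 ikev2 ikev2Peer2
  peer 4 ikev2 ikev2Peer1
"""

def audit_remote_vpn_peers(config_text):
    """Return findings for the peer list under 'crypto remote-vpn-client'."""
    defined, refs, block_indent = set(), [], None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and indent <= block_indent:
            block_indent = None                  # left the remote-vpn-client block
        if line.strip() == "crypto remote-vpn-client":
            block_indent = indent
        elif (m := PEER_DEF.match(line)):
            defined.add(m.group(1))
        elif block_indent is not None and (m := PEER_REF.match(line)):
            refs.append((int(m.group(1)), m.group(2)))
    findings, seen = [], set()
    for prio, name in refs:
        if not 1 <= prio <= 3:
            findings.append(f"peer {prio}: priority outside 1-3")
        if prio in seen:
            findings.append(f"peer {prio}: priority used more than once")
        seen.add(prio)
        if name not in defined:
            findings.append(f"peer {prio}: IKEv2 peer '{name}' is not configured")
    if len(refs) > 3:
        findings.append("more than three peers listed")
    return findings

if __name__ == "__main__":
    print(audit_remote_vpn_peers(SAMPLE_BAD))
```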