peer

crypto-remote-vpn-client commands

Configures IKEv2 peers and assigns them priorities for use with remote VPN client connections. A maximum of three (3) peers can be added to support redundancy.

IKEv2 uses an initial handshake in which VPN peers negotiate cryptographic algorithms, mutually authenticate, and establish a session key, creating an IKE-SA. Additionally, a first IPSec SA is established during the initial SA creation. All IKEv2 messages are request/response pairs. It is the responsibility of the side sending the request to retransmit if it does not receive a timely response.

Supported on the following devices:

Syntax

peer <1-3> ikev2 <IKEV2-PEER-NAME>

Parameters

peer <1-3> ikev2 <IKEV2-PEER-NAME>
peer <1-3> Adds an IKEv2 peer. You can add a maximum of three (3) peers to achieve redundancy.
  • <1-3> – Specify a priority level for the peer from 1 - 3 (1 = primary, 2 = secondary, and 3 = redundant).
ikev2 <IKEV2-PEER-NAME> Specify the IKEv2 peer's name.
Note: The peer should already exist and be configured. To configure an IKEv2 peer, use the crypto > ikev2 > peer > <IKEv2-PEER-NAME> command.

Example

nx9500-6C8809(config-profile-testAP8533-crypto-ikev2-remote-vpn-client)#peer 1 ikev2 ikev2Peer1

nx9500-6C8809(config-profile-testAP8533-crypto-ikev2-remote-vpn-client)#peer 2 ikev2 ikev2Peer2

nx9500-6C8809(config-profile-testAP8533-crypto-ikev2-remote-vpn-client)#show context
 crypto remote-vpn-client
  peer 1 ikev2 ikev2Peer1
  peer 2 ikev2 ikev2Peer2
nx9500-6C8809(config-profile-testAP8533-crypto-ikev2-remote-vpn-client)#
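
Added example (not part of the product documentation): a Python check that audits a configuration fragment against the rules stated on this page before it is applied, namely priorities limited to 1-3, at most three peers, and every referenced IKEv2 peer already defined. The function name, the sample text, and the assumption that peer definitions appear as "crypto ikev2 peer <NAME>" lines are constructed for illustration.

```python
import re

# Constructed sample in the style of the `show context` output above.
# ASSUMPTION: IKEv2 peer definitions appear as `crypto ikev2 peer <NAME>`
# lines, following the "crypto > ikev2 > peer" command named in the Note.
SAMPLE = """\
crypto ikev2 peer ikev2Peer1
crypto ikev2 peer ikev2Peer2
crypto remote-vpn-client
 peer 1 ikev2 ikev2Peer1
 peer 2 ikev2 ikev2Peer2
 peer 2 ikev2 ikev2Peer3
 peer 4 ikev2 ikev2Peer1
"""

PEER_DEF = re.compile(r"^\s*crypto ikev2 peer (\S+)\s*$")
PEER_REF = re.compile(r"^\s*peer (\d+) ikev2 (\S+)\s*$")


def audit_remote_vpn_peers(config_text):
    """Return findings for the peer entries under crypto remote-vpn-client."""
    defined, refs, block_indent = set(), [], None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and indent <= block_indent:
            block_indent = None  # left the remote-vpn-client block
        if line.strip() == "crypto remote-vpn-client":
            block_indent = indent
        elif m := PEER_DEF.match(line):
            defined.add(m.group(1))
        elif block_indent is not None and (m := PEER_REF.match(line)):
            refs.append((int(m.group(1)), m.group(2)))

    findings = []
    if len(refs) > 3:  # page: a maximum of three peers
        findings.append(f"too-many-peers: {len(refs)}")
    seen = set()
    for prio, name in refs:
        if not 1 <= prio <= 3:  # page: priority is <1-3>
            findings.append(f"priority-out-of-range: {prio}")
        elif prio in seen:  # two peers cannot share one priority slot
            findings.append(f"duplicate-priority: {prio}")
        seen.add(prio)
        if name not in defined:  # page: the peer should exist and be configured
            findings.append(f"undefined-peer: {name}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_remote_vpn_peers(SAMPLE)) or "no findings")
```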