Question & Answer
Question
How do I control which IKE negotiation protocol is used when initiating Security Associations?
Answer
To specify the negotiation mode to use as the phase 1 initiator for a specific security association, configure the HowToInitiate parameter on the KeyExchangeAction statement referenced by a KeyExchangeRule statement. You can also specify a global value for the negotiation mode by configuring the HowToInitiate parameter on the KeyExchangePolicy statement.
You can specify any of the following values on the HowToInitiate parameter:
Main - indicates that IKE version 1 with identity protection is used when key negotiations are initiated by this system.
Aggressive - Indicates that IKE version 1 without identity protection is used when key negotiations are initiated by this system.
IKEv2 - indicates that IKE version 2 is used when key negotiations are initiated by this system.
DoNot - indicates that the local system cannot initiate a key exchange negotiation.
If HowToInitiate is not specified on the KeyExchangeAction statement, the IKE daemon will use the value from the HowToInitiate parameter in the KeyExchangePolicy statement.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
29 December 2016
UID
dwa1335036