Setting the Phase 1 mode with EOIP IPSec tunnels

cdjtheron · June 26, 2024, 9:49am

Hi Guys,

I’ve been scratching around quite a lot on our routers to figure out if this is possible but I’m at a loss at the moment.

Basically we need to change IPSec mode for an EOIP tunnel we’ve created from ikev1 main mode to ikev2.

Now because the IPSec Peer is created dynamically it seems to default to ikev1 main mode. I’ve checked all the possible parameters that can be set for EOIP tunnels but the only option is setting ipsec-secret which enables it and no other options.

I’ve also tried to see if we can edit the default Profiles/Policies to maybe force default behaviour but doesnt seem to work either.

Would appreciate some help and feedback and thank you in advance.

tdw · June 26, 2024, 12:45pm

Instead of specifying an IPsec secret in the EoIP interface create IPsec proposals, policies, peers & identities as required, when the EoIP encapsulated traffic matches the policy it will have IPsec applied as specified.

cdjtheron · June 26, 2024, 12:52pm

I wanted to try this but wasn’t sure exactly how.

Will try this thanks for the information, appreciated