The following key exchange rule for an IKEv1 Aggressive-mode phase 1 negotiation uses pre-shared key authentication:
    KeyExchangeRule Admin_KeyExRule1
    {
      LocalSecurityEndpointRef  Internal_IKED
      RemoteSecurityEndpointRef Admin_IKED
      KeyExchangeActionRef      Bronze-PSK
      SharedKey                 Ascii TheEagleHasLanded
    }
This rule defines the parameters for the IKEv1 phase 1 negotiation between two hosts that are identified by the security endpoints Internal_IKED and Admin_IKED (presumed to be defined elsewhere in the policy file). The specifics of the negotiation are covered by the Bronze-PSK action as follows:
    KeyExchangeAction Bronze-PSK
    {
      HowToInitiate     Aggressive
      HowToRespondIKEv1 Aggressive
      KeyExchangeOffer
      {
        HowToEncrypt   DES
        HowToAuthMsgs  SHA1
        HowToAuthPeers PreSharedKey
      }
    }
The optional SharedKey parameter is required only when the pre-shared key authentication method is used for the phase 1 negotiation.
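The two statements above combine DES with Aggressive mode and a pre-shared key. In that mode the responder's authentication hash is sent before the exchange is encrypted, so the strength of the SharedKey value matters more than in Main mode. The following policy check is an added example, not part of the original documentation: it parses the statement syntax shown above and reports which rules reference an action with either setting. The finding tags `DES` and `AGGRESSIVE_PSK` and the function names are this example's own.

```python
# POLICY is constructed from the two statements shown above; finding tags are hypothetical names.
POLICY = """
KeyExchangeRule Admin_KeyExRule1
{
  LocalSecurityEndpointRef  Internal_IKED
  RemoteSecurityEndpointRef Admin_IKED
  KeyExchangeActionRef      Bronze-PSK
  SharedKey                 Ascii TheEagleHasLanded
}
KeyExchangeAction Bronze-PSK
{
  HowToInitiate     Aggressive
  HowToRespondIKEv1 Aggressive
  KeyExchangeOffer
  {
    HowToEncrypt   DES
    HowToAuthMsgs  SHA1
    HowToAuthPeers PreSharedKey
  }
}
"""

def parse(lines):  # statements up to a closing brace -> (keyword, args, children) nodes
    nodes = []
    while lines and (line := lines.pop(0)) != "}":
        if line == "{":  # a block body belongs to the preceding statement
            nodes[-1] = nodes[-1][:2] + (parse(lines),)
        else:
            keyword, *args = line.split()
            nodes.append((keyword, args, []))
    return nodes

def audit(text):
    """Return (action, finding, rules_using_it) for each weak phase 1 setting."""
    nodes = parse([l.strip() for l in text.splitlines() if l.strip()])
    users = {}  # action name -> names of rules that reference it
    for kw, args, kids in nodes:
        for k, a, _ in kids:
            if (kw, k) == ("KeyExchangeRule", "KeyExchangeActionRef"):
                users.setdefault(a[0], []).append(args[0])
    findings = []
    for kw, args, kids in [n for n in nodes if n[0] == "KeyExchangeAction"]:
        aggressive = any(k in ("HowToInitiate", "HowToRespondIKEv1") and a == ["Aggressive"] for k, a, _ in kids)
        for offer in (c for k, _, c in kids if k == "KeyExchangeOffer"):
            o = {k: a for k, a, _ in offer}
            weak = [("DES", o.get("HowToEncrypt") == ["DES"]),
                    ("AGGRESSIVE_PSK", aggressive and o.get("HowToAuthPeers") == ["PreSharedKey"])]
            findings += [(args[0], tag, users.get(args[0], [])) for tag, hit in weak if hit]
    return findings
```

Each finding names the action and the rules that reference it, so the affected remote security endpoints can be read off the rule.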