The following KeyExchangeRule statement for an IKEv1 Main-mode phase 1 negotiation uses digital signature authentication:
KeyExchangeRule ZoneA_KeyExRule1
{
  LocalSecurityEndpointRef   Internal_IKED
  RemoteSecurityEndpointRef  ZoneA_IKED
  KeyExchangeActionRef       Silver-RSA
}
The referenced objects are presumed to be defined elsewhere in the policy file. This rule defines the parameters for the IKEv1 phase 1 negotiation between two hosts that are identified by the security endpoints Internal_IKED and ZoneA_IKED. The specifics of the negotiation are covered by the Silver-RSA action as follows:
KeyExchangeAction Silver-RSA
{
  HowToInitiate      main
  HowToRespondIKEv1  main
  KeyExchangeOffer
  {
    HowToEncrypt    DES
    HowToAuthMsgs   SHA1
    HowToAuthPeers  RsaSignature
  }
}
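The offer above negotiates DES and SHA1. As an added example (not part of the original documentation or the product), the following Python script parses the two statements and reports offer values that a local review policy treats as weak, plus any KeyExchangeActionRef that does not resolve in the same file. The WEAK table and the function names parse_policy and audit are assumptions made for illustration.

```python
SAMPLE = """
KeyExchangeRule ZoneA_KeyExRule1
{
  LocalSecurityEndpointRef Internal_IKED
  RemoteSecurityEndpointRef ZoneA_IKED
  KeyExchangeActionRef Silver-RSA
}
KeyExchangeAction Silver-RSA
{
  HowToInitiate main
  HowToRespondIKEv1 main
  KeyExchangeOffer
  {
    HowToEncrypt DES
    HowToAuthMsgs SHA1
    HowToAuthPeers RsaSignature
  }
}
"""  # constructed sample: the two statements shown on this page
# Assumption: a local review policy, not product behaviour; extend to your standard.
WEAK = {("HowToEncrypt", "DES"): "56-bit key", ("HowToAuthMsgs", "SHA1"): "deprecated hash"}

def parse_policy(text):
    """Parse brace-delimited statements into a list of nested dicts."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    stack = [{"params": {}, "children": []}]
    for ln, nxt in zip(lines, lines[1:] + [""]):
        key, _, val = ln.replace("\t", " ").partition(" ")
        if ln == "}":
            stack.pop()
        elif ln != "{" and nxt == "{":  # statement header opens a nested block
            stack.append({"type": key, "name": val.strip(), "params": {}, "children": []})
            stack[-2]["children"].append(stack[-1])
        elif ln != "{":  # keyword/value parameter
            stack[-1]["params"][key] = val.strip()
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return stack[0]["children"]

def audit(text):  # yields (rule, action, keyword, value, reason) per finding
    top = parse_policy(text)
    actions = {b["name"]: b for b in top if b["type"] == "KeyExchangeAction"}
    for rule in (b for b in top if b["type"] == "KeyExchangeRule"):
        name, ref = rule["name"], rule["params"].get("KeyExchangeActionRef")
        if ref not in actions:
            yield (name, ref, "KeyExchangeActionRef", ref, "action not defined in this file")
        for offer in actions.get(ref, {"children": []})["children"]:
            for k, v in offer["params"].items():
                if (k, v) in WEAK:
                    yield (name, ref, k, v, WEAK[k, v])
```

Each finding names the rule as well as the action, so the reviewer can see which KeyExchangeRule, and therefore which endpoint pair, would negotiate with the flagged values.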