set interfaces vti vti0 address '172.16.250.1/24' set vpn ipsec esp-group ESP_DEFAULT compression 'disable' set vpn ipsec esp-group ESP_DEFAULT lifetime '3600' set vpn ipsec esp-group ESP_DEFAULT mode 'tunnel' set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19' set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256' set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no' set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2' set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800' set vpn ipsec ike-group IKEv2_DEFAULT mobike 'disable' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 dh-group '19' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 hash 'sha256' set vpn ipsec ipsec-interfaces interface 'eth1.1' set vpn ipsec site-to-site peer 172.16.254.2 authentication id '172.16.254.1' set vpn ipsec site-to-site peer 172.16.254.2 authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer 172.16.254.2 authentication pre-shared-secret 'secretkey' set vpn ipsec site-to-site peer 172.16.254.2 authentication remote-id '172.16.254.2' set vpn ipsec site-to-site peer 172.16.254.2 connection-type 'respond' set vpn ipsec site-to-site peer 172.16.254.2 ike-group 'IKEv2_DEFAULT' set vpn ipsec site-to-site peer 172.16.254.2 ikev2-reauth 'inherit' set vpn ipsec site-to-site peer 172.16.254.2 local-address '172.16.254.1' set vpn ipsec site-to-site peer 172.16.254.2 vti bind 'vti0' set vpn ipsec site-to-site peer 172.16.254.2 vti esp-group 'ESP_DEFAULT'