### Sets up an IKE/IPsec tunnel to peer PRGGSX2 in the default address context:
### protection profiles, the IKE peer, two SPD rules, then IPsec on the interface group.
### All addresses, names and the pre-shared key below are sample values from this listing.

### create and configure IKE and IPSEC protection profiles
### NOTE(review): saLifetimeTime 28800 is presumably seconds (8 hours) - confirm the unit.
### NOTE(review): both profiles still offer hmacMd5 and 3DesCbc. MD5 and 3DES are legacy
### algorithms (3DES has a 64-bit block), and the weakest offered algorithm is what a
### negotiation can end up on. Drop them if the peer can use hmacSha1/aesCbc128, and
### prefer stronger algorithms where the platform and the peer support them.
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
### NOTE(review): `inte` here and `integ` in the IKE profile are presumably abbreviations
### of the same integrity keyword - confirm the CLI accepts both spellings.
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms inte hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integ hmacSha1,hmacMd5
### NOTE(review): noDpd appears to turn Dead Peer Detection off. If so, a failed peer is
### only noticed when the SA expires - consider a DPD interval if the peer supports it.
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
### create IKE peer
### The all-zero preShared value is a placeholder. Replace it with a unique, randomly
### generated secret per peer and keep the real value out of shared docs and version control.
set addressContext default ipsec peer PRGGSX2 ipAddress 10.220.11.8 preShared 00000000000000000000000000000000
### NOTE(review): the peer ipAddress (10.220.11.8) differs from the remoteIdentity and
### the SPD remoteIpAddr (10.220.11.22) - confirm this split is intended.
set addressContext default ipsec peer PRGGSX2 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.220.11.22
set addressContext default ipsec peer PRGGSX2 protectionProfile PRGGSX2_IKE_PROT_PROF
### create an SPD rule that allows the initial IPSEC negotiation to go through (SBC must allow traffic on UDP port 500)
### Matches protocol 17 (UDP) on local port 500 and bypasses IPsec protection for it.
### No remote address is set on this rule, so it is not limited to the PRGGSX2 peer.
### NOTE(review): localIpAddr here is 10.220.41.160, while the peer localIdentity and the
### protect rule use 10.220.41.161 - confirm which local address terminates IKE.
set addressContext default ipsec spd ALLOW_IKE state enabled precedence 1000
set addressContext default ipsec spd ALLOW_IKE localPort 500 localIpAddr 10.220.41.160 localIpPrefixLen 32
set addressContext default ipsec spd ALLOW_IKE action bypass
set addressContext default ipsec spd ALLOW_IKE protocol 17
### create an SPD rule for this IKE peer
### Protects protocol 17 (UDP) between the two /32 hosts only; other protocols between
### these hosts do not match this rule.
### NOTE(review): presumably the lower precedence value (1000, ALLOW_IKE) is evaluated
### before 1001 - confirm the ordering, since the bypass rule must not shadow more than IKE.
set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.220.11.22 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 17
set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
### enable IPSec on the IP interface group
### NOTE(review): the trailing "|" on the next line looks like a table-extraction
### artifact rather than part of the command - confirm before pasting.
set addressContext default ipInterfaceGroup default_IP_INT_GR ipsec enabled |