<ipsec> <phase1> <ikeid>2</ikeid> <iketype>ikev2</iketype> <interface>wan</interface> <mode>main</mode> <protocol>inet</protocol> <myid_type>user_fqdn</myid_type> <myid_data>@vpn.testnetwork.lan</myid_data> <encryption-algorithm> <name>aes</name> <keylen>256</keylen> </encryption-algorithm> <hash-algorithm>sha256</hash-algorithm> <dhgroup>2</dhgroup> <lifetime>10800</lifetime> <certref>5883810082894</certref> <radius_server>172.16.150.2</radius_server> <radius_secret>P@ssword</radius_secret> <authentication_method>eap-radius</authentication_method> <descr>Mobile Clients</descr> <nat_traversal>on</nat_traversal> <private-key/> <mobile>1</mobile> <rekey_enable>1</rekey_enable> </phase1> <phase2> <ikeid>2</ikeid> <uniqid>588379d6daf21</uniqid> <mode>tunnel</mode> <lifetime>3600</lifetime> <protocol>esp</protocol> <localid> <type>network</type> <address>172.16.150.0</address> <netbits>24</netbits> </localid> <remoteid> <type>mobile</type> </remoteid> <encryption-algorithm-option> <name>aes</name> <keylen>256</keylen> </encryption-algorithm-option> <encryption-algorithm-option> <name>3des</name> </encryption-algorithm-option> <hash-algorithm-option>hmac_sha1</hash-algorithm-option> <mobile>1</mobile> </phase2> <client> <user_source>Local Database</user_source> <group_source>none</group_source> <pool_address>172.16.160.0</pool_address> <pool_netbits>24</pool_netbits> <dns_server1>172.16.150.2</dns_server1> <enable>1</enable> </client></ipsec>