# racoon (ipsec-tools IKEv1 daemon) configuration: one certificate-authenticated
# peer plus one phase 2 (IPsec SA) policy.
# NOTE(review): the page had this file collapsed onto a single line, so each
# '#' comment swallowed the directives after it. One directive per line is
# restored here; the directives themselves are unchanged.

# Directory that racoon searches for the certificate files named below.
path certificate "/usr/local/etc/cert";

log notify; # can be notify, debug, or debug2

# Phase 1 (IKE SA) settings for the peer at 10.1.0.2.
remote 10.1.0.2 {
	exchange_mode main;
	doi ipsec_doi;

	# Identify ourselves by the subject DN of our certificate.
	my_identifier asn1dn;

	# Local certificate and private key, looked up under "path certificate".
	# The key file should be readable only by the account racoon runs as.
	certificate_type x509 "cert.pem" "key.pem";

	# SECURITY: with verify_cert off the peer's certificate is not checked
	# (racoon.conf(5): the comparison of the peer ID with the certificate; in
	# ipsec-tools the CA chain check also appears to depend on this setting —
	# confirm for your version). An rsasig proposal then authenticates nothing
	# beyond possession of some key. Set it to "on" once the issuing CA
	# certificate is installed in the certificate path.
	verify_cert off;

	initial_contact on;
	support_proxy off; # for Linux use support_mip6 off;

	# SECURITY: "obey" makes a responder accept whatever lifetime and PFS
	# values the initiator proposes. "strict" rejects proposals weaker than
	# the local policy.
	proposal_check obey;

	proposal {
		# SECURITY: 3DES, MD5 and DH group 2 (1024-bit MODP) are legacy
		# choices. Both peers must agree on these values, so move to
		# stronger ones (for example aes, sha256 and a larger MODP group,
		# where both builds support them) on both ends together.
		encryption_algorithm 3des;
		hash_algorithm md5;
		authentication_method rsasig;
		dh_group 2;
	}
}

# Phase 2 (IPsec SA) parameters for traffic between the local /32 and any
# destination.
# NOTE(review): "10.x.x.x" is a placeholder, not a valid address. Replace it
# with the real local address before use.
sainfo address 10.x.x.x/32 any address 0.0.0.0/0 any {
	# PFS: a fresh DH exchange (group 2, 1024-bit) at every phase 2 rekey.
	pfs_group 2;

	# NOTE(review): a 30 second SA lifetime forces a rekey, and with PFS a DH
	# exchange, twice a minute. Presumably a test value; confirm before
	# deploying.
	lifetime time 30 sec;

	# SECURITY: the same legacy algorithms as in phase 1. Keep them in step
	# with the peer when upgrading.
	encryption_algorithm 3des;
	authentication_algorithm hmac_md5;
	compression_algorithm deflate;
}