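# racoon (ipsec-tools) IKEv1 settings for peers with no fixed address.
# This host only responds (passive on); phase 1 is authenticated with X.509
# RSA signatures followed by Xauth (xauth_rsa_server).
# Restored to one directive per line: on a single line, the first '#' would
# comment out every directive after it.
remote anonymous {
	# Both modes are accepted as responder. Aggressive mode sends the
	# identities unencrypted; if every client supports main mode, listing
	# only "main" reduces that exposure.
	exchange_mode aggressive,main;

	# With no string given, the DN is taken from the local certificate's Subject.
	my_identifier asn1dn;
	# Expected peer DN (redacted on this page). The terminating ';' was
	# missing in the original and is required by the parser.
	peers_identifier asn1dn "redacted";
	# Fail the negotiation when the peer's ID payload does not match
	# peers_identifier.
	verify_identifier on;

	# Local certificate, then its private key. The key file should be
	# readable only by the account running racoon.
	certificate_type x509 "fw.permissiondenied.org.crt" "fw.permissiondenied.org.pem";
	# CA certificate used to validate peer certificates.
	ca_type x509 "VPN-CA.crt";

	nonce_size 16;
	lifetime time 60 min;	# sec,min,hour
	# strict: refuse proposals whose lifetime is longer than ours or that
	# omit PFS when we require it.
	proposal_check strict;	# obey, strict, or claim
	# Validate the peer certificate; keep this on together with ca_type.
	verify_cert on;

	# The responder installs SPD entries from the initiator's phase 2
	# proposal. That suits dynamically addressed clients, but it lets the
	# client choose the policy selectors, so restrict what the tunnel can
	# reach with firewall rules.
	generate_policy on;
	# Never initiate; wait for clients to connect.
	passive on;
	ike_frag on;
	# Dead peer detection probe interval, in seconds.
	dpd_delay 30;
	# ISAKMP mode config for clients; the matching mode_cfg section is
	# expected elsewhere in the file (not shown here).
	mode_cfg on;
	# Use NAT-T encapsulation whether or not NAT is detected.
	nat_traversal force;

	# Only phase 1 proposal offered: AES-256, SHA-256, 2048-bit MODP
	# (group 14), certificate authentication plus Xauth.
	proposal {
		encryption_algorithm aes 256;
		hash_algorithm sha256;
		authentication_method xauth_rsa_server;
		dh_group 14;
	}
}

# Phase 2 (IPsec SA) parameters for any peer matched by the anonymous
# remote section above.
sainfo anonymous {
	# A fresh DH exchange (group 14) for every phase 2 SA gives forward secrecy.
	pfs_group 14;
	lifetime time 3600 sec;
	encryption_algorithm aes 256;
	authentication_algorithm hmac_sha256;
	compression_algorithm deflate;
}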