IPsec VPN Server Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
915
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
TO ATTACH A TRANSFORM SET TO A CRYPTO CLIENT PROFILE
EXAMPLE
ALU(config-client-prof-myclientprofile)# transform-set TS1
T
O ATTACH PFS GROUP TO A CRYPTO CLIENT PROFILE
EXAMPLE
ALU(config-client-prof-myclientprofile)# pfs group2
T
O CONFIGURE SA LIFETIME FOR A CLIENT PROFILE
IKE is used for SA negotiation. It requires a proposal to be configured so that a
secure channel can be established to authenticate the negotiating parties. When
both lifetime in kilobytes and lifetime in seconds is set, re-negotiation of new SA is
triggered depending on which lifetime expires first. When re-keying happens, both
lifetimes get reset.
E
XAMPLE
ALU(config-client-prof-myclientprofile)# ipsec security-
association lifetime seconds 5400
Command (in Crypto Client Profile
CM)
Description
transform-set <name> This command is used to attach an already
configured transform-set to a client profile.
Command (in Client Profile CM) Description
pfs {group1|group2|group5} This command is used to attach a PFS
group to a client profile.
Command (in Client Profile CM) Description
ipsec security-association
lifetime seconds <540-86400>
This command is used to configure
the IPsec SA lifetime in seconds for a
client profile.
To Next Page
Loading...
