Chapter 40 IPSec VPN
UAG CLI Reference Guide
198
transform-set isakmp-algo [isakmp_algo
[isakmp_algo]]
Sets the encryption and authentication algorithms for each IKE SA
proposal.
isakmp_algo: {des-md5 | des-sha | 3des-md5 | 3des-sha |
aes128-md5 | aes128-sha | aes192-md5 | aes192-sha | aes256-
md5 | aes256-sha | aes256-sha256 | aes256-sha512}
lifetime <180..3000000> Sets the IKE SA life time to the specified value.
group1
group2
group5
Sets the DHx group to the specified group.
[no] natt Enables NAT traversal. The
no command disables NAT traversal.
local-ip {ip {ip | domain_name} |
interface interface_name}
Sets the local gateway address to the specified IP address, domain
name, or interface.
peer-ip {ip | domain_name} [ip |
domain_name]
Sets the remote gateway address(es) to the specified IP
address(es) or domain name(s).
keystring pre_shared_key Sets the pre-shared key that can be used for authentication. The
pre_shared_key can be:
• 8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./
<>=-".
• 16 - 64 hexadecimal (0-9, A-F) characters, preceded by “0x”.
The pre-shared key is case-sensitive.
local-id type {ip ip | fqdn domain_name |
mail e_mail | dn distinguished_name}
Sets the local ID type and content to the specified IP address,
domain name, or e-mail address.
peer-id type {any | ip ip | fqdn
domain_name | mail e_mail | dn
distinguished_name}
Sets the peer ID type and content to any value, the specified IP
address, domain name, or e-mail address.
[no] xauth type {server xauth_method |
client name username password password}
Enables extended authentication and specifies whether the UAG is
the server or client. If the UAG is the server, it also specifies the
extended authentication method (
aaa authentication
profile_name); if the UAG is the client, it also specifies the
username and password to provide to the remote IPSec router. The
no command disables extended authentication.
username: You can use alphanumeric characters, underscores (_),
and dashes (-), and it can be up to 31 characters long.
password: You can use most printable ASCII characters. You cannot
use square brackets [ ], double quotation marks (“), question marks
(?), tabs or spaces. It can be up to 31 characters long.
isakmp policy rename policy_name policy_name Renames the specified IKE SA (first policy_name) to the specified
name (second policy_name).
Table 121 isakmp Commands: IKE SAs (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
