Chapter 33 IPSec VPN
ZyWALL Series CLI Reference Guide
279
fall-back-check-interval
<60..86400>
Sets how often (in seconds) the Zyxel Device checks if
the primary address is available.
mode {main | aggressive}
Sets the negotiating mode.
transform-set isakmp-algo
[isakmp_algo [isakmp_algo]]
Sets the encryption and authentication algorithms for
each IKE SA proposal.
isakmp_algo: {des-md5 | des-sha | 3des-md5 | 3des-
sha | aes128-md5 | aes128-sha | aes192-md5 | aes192-
sha | aes256-md5 | aes256-sha | aes256-sha256 |
aes256-sha512}
lifetime <180..3000000>
Sets the IKE SA life time to the specified value.
group1
group2
group5
group14
Sets the DHx group to the specified group.
[no] natt
Enables NAT traversal. The no command disables NAT
traversal.
local-ip {ip {ip | domain_name} |
interface interface_name}
Sets the local gateway address to the specified IP
address, domain name, or interface.
peer-ip {ip | domain_name} [ip |
domain_name]
Sets the remote gateway address(es) to the specified IP
address(es) or domain name(s).
keystring pre_shared_key
Sets the pre-shared key of up to 128 characters that can
be used for authentication. The pre_shared_key can
be:
• Alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./
<>=-".
• Hexadecimal (0-9, A-F) characters, preceded by
“0x”.
The pre-shared key is case-sensitive.
local-id type {ip ip | fqdn
domain_name | mail e_mail | dn
distinguished_name}
Sets the local ID type and content to the specified IP
address, domain name, or e-mail address.
peer-id type {any | ip ip | fqdn
domain_name | mail e_mail | dn
distinguished_name}
Sets the peer ID type and content to any value, the
specified IP address, domain name, or e-mail address.
[no] twofa-auth
Enables two-factor authentication. The no command
disables two-factor authentication.
See Section 56.4 on page 482 and Section 56.5 on page
486 for more information on configuring two-factor
authentication settings.
Table 147 isakmp Commands: IKE SAs (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
