Chapter 33 IPSec VPN
ZyWALL Series CLI Reference Guide
Table 147 isakmp Commands: IKE SAs (continued)
COMMAND DESCRIPTION
xauth type {server auth_method [user-id {username | any}] | client name username password password} [deactivate]
Enables extended authentication and specifies whether the
Zyxel Device is the server or client. If the Zyxel Device is
the server, it also specifies the extended authentication
method (aaa authentication profile_name); if the Zyxel Device
is the client, it also specifies the username and password to
provide to the remote IPSec router. The deactivate command
disables extended authentication.
auth_method: The name of the authentication profile the VPN
configuration provisioning service uses to authenticate users.
user-id: A user or user group allowed to use the IKE SA. any
allows any user with a valid user account and password on the
Zyxel Device to use the IKE SA.
username: You can use alphanumeric characters, underscores (_),
and dashes (-), and it can be up to 31 characters long.
password: You can use most printable ASCII characters. You
cannot use square brackets [ ], double quotation marks ("),
question marks (?), tabs or spaces. It can be up to 31
characters long.
isakmp policy rename policy_name policy_name
Renames the specified IKE SA (first policy_name) to the
specified name (second policy_name).

33.2.2 IPv4 IPSec SA Commands (except Manual Keys)
This table lists the commands for IPSec SAs, excluding manual keys (VPN connections using VPN
gateways).

Table 148 crypto Commands: IPSec SAs
COMMAND DESCRIPTION
[no] crypto ignore-df-bit
Fragment packets larger than the MTU (Maximum Transmission
Unit) that have the “don’t fragment” bit in the header turned
on. The no command has the Zyxel Device drop packets larger
than the MTU that have the “don’t fragment” bit in the header
turned on.
show crypto map [map_name]
Shows the specified IPSec SA or all IPSec SAs.
crypto map dial map_name
Dials the specified IPSec SA manually. This command
does not work for IPSec SAs using manual keys or for
IPSec SAs where the remote gateway address is 0.0.0.0.
[no] crypto map map_name
Creates the specified IPSec SA if necessary and enters
sub-command mode. The no command deletes the specified
IPSec SA.
crypto map rename map_name map_name
Renames the specified IPSec SA (first map_name) to the
specified name (second map_name).
activate
deactivate
Activates or deactivates the specified IPSec SA.
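
A pre-flight check for provisioning scripts that template the xauth client command, added here as an example and not taken from the Zyxel guide: it enforces the username and password rules listed under xauth in Table 147 before building the command line, so a value containing whitespace or a line break never reaches the device as extra tokens or an extra command. The function names, the non-empty requirement, and treating every printable ASCII character other than the listed exclusions as allowed are assumptions; the sample credentials are constructed.

```python
import string

MAX_LEN = 31  # upper bound the page gives for both fields
USERNAME_OK = set(string.ascii_letters + string.digits + "_-")
# Printable ASCII 0x21-0x7E (space excluded) minus the characters the page forbids.
# Assumption: everything else in that range is accepted ("most printable ASCII").
PASSWORD_OK = {chr(c) for c in range(0x21, 0x7F)} - set('[]"?')


def violations(value, allowed, field):
    """Return human-readable rule violations for one field (empty list = valid)."""
    found = []
    if not value:
        found.append(f"{field} is empty")  # assumption: the device needs a value
    if len(value) > MAX_LEN:
        found.append(f"{field} is {len(value)} characters, limit is {MAX_LEN}")
    bad = sorted(set(value) - allowed)
    if bad:
        found.append(f"{field} contains disallowed characters: "
                     + " ".join(repr(ch) for ch in bad))
    return found


def build_xauth_client_command(username, password):
    """Validate both fields, then return the CLI line; raise ValueError otherwise."""
    problems = (violations(username, USERNAME_OK, "username")
                + violations(password, PASSWORD_OK, "password"))
    if problems:
        raise ValueError("; ".join(problems))
    return f"xauth type client name {username} password {password}"


if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real device.
    samples = [
        ("branch-01", "S3cure!pass"),
        ("branch 01", "S3cure!pass"),           # space in username
        ("branch-01", "what?now"),              # '?' is forbidden
        ("branch-01", "pw\nshow crypto map"),   # line break would add a command
        ("a" * 32, "S3cure!pass"),              # one character over the limit
    ]
    for user, pw in samples:
        try:
            print("OK  ", build_xauth_client_command(user, pw))
        except ValueError as err:
            print("DENY", err)
```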