Chapter 33 IPSec VPN
ZyWALL Series CLI Reference Guide
290
33.2.8 IPv6 IKEv2 SA Commands
This table lists the commands for the IPv4 IKEv2 SA.
keystring
pre_shared_key
Sets the pre-shared key of up to 128 characters that can be used for
authentication. The pre_shared_key can be:
• Alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
• Hexadecimal (0-9, A-F) characters, preceded by “0x”.
The pre-shared key is case-sensitive.
local-id type {ip ip |
fqdn domain_name | mail
e_mail | dn
distinguished_name}
Sets the local ID type and content to the specified IP address, domain
name, or e-mail address.
peer-id type {any | ip
ip | fqdn domain_name |
mail e_mail | dn
distinguished_name}
Sets the peer ID type and content to any value, the specified IP address,
domain name, or e-mail address.
eap auth_method
AUTH_METHOD
Sets auth method for EAP. Default value is Mschapv2.
[no] eap type {server
AAA_method user-id
{name|any}| client name
username {password
PASSWORD| encrypted-
password PASSWORD}
Enables extended authentication and specifies whether the ZyWALL/ USG
is the server or client. If the Zyxel Device is the server, it also specifies the
AAA authentication method (aaa authentication profile_name); if the
Zyxel Device is the client, it also specifies the username and password to
provide to the remote IPSec router. The no command disables extended
authentication.
• username: You can use alphanumeric characters, underscores (_),
and dashes (-), and it can be up to 31 characters long.
• password: You can use most printable ASCII characters. You cannot
use square brackets [ ], double quotation marks (“), question marks (?),
tabs or spaces. It can be up to 31 characters long.
ikev2 policy rename
policy_name policy_name
Renames the specified IKEv2 SA (first policy_name) to the specified name
(second policy_name).
[no] twofa-auth
Enables two-factor authentication. The no command disables two-factor
authentication.
Table 153 sa Commands: IPv4 IKEv2 (continued)
COMMAND DESCRIPTION
Table 154 sa Commands: IPv6 IKEv2
COMMAND DESCRIPTION
show ikev2 policy6
[policy_name]
Shows the specified IKEv2 SA or all IKEv2 SAs.
[no] ikev2 policy6
policy_name
Creates the specified IKEv2 SA if necessary and enters sub-command
mode. The no command deletes the specified IKEv2 SA.
activate
deactivate
Activates or deactivates the specified IKEv2 SA.
authentication {pre-
share | rsa-sig}
Specifies whether to use a pre-shared key or a certificate for
authentication
certificate
certificate-name
Sets the certificate that can be used for authentication.
To Next Page
Loading...
