Chapter 33 IPSec VPN
ZyWALL Series CLI Reference Guide
[no] fall-back
If the connection to the primary address goes down and the Zyxel Device
changes to using the secondary connection, set this to have the Zyxel Device
reconnect to the primary address when it becomes available again and stop
using the secondary connection. Users will lose their VPN connection briefly
while the Zyxel Device changes back to the primary connection. To use this,
the peer device at the secondary address cannot be set to use a nailed-up
VPN connection.
fall-back-check-interval <60..86400>
Sets how often (in seconds) the Zyxel Device checks if the primary address
is available.
transform-set isakmp-algo [isakmp_algo [isakmp_algo]]
Sets the encryption and authentication algorithms for each IKEv2 SA
proposal.
isakmp_algo: {des-md5 | des-sha | 3des-md5 | 3des-sha |
aes128-md5 | aes128-sha | aes192-md5 | aes192-sha |
aes256-md5 | aes256-sha | aes256-sha256 | aes256-sha512}
lifetime <180..3000000>
Sets the IKEv2 SA lifetime to the specified value.
group1
group2
group5
Sets the DH group to the specified group.
local-ip {ip IPv6}
Sets the local gateway address to the specified IP address.
peer-ip {ip IPv6}
Sets the remote gateway address(es) to the specified IP address(es).
keystring pre_shared_key
Sets the pre-shared key of up to 128 characters that can be used for
authentication. The pre_shared_key can be:
• Alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
• Hexadecimal (0-9, A-F) characters, preceded by “0x”.
The pre-shared key is case-sensitive.
local-id type {ip IPv6 | fqdn domain_name | mail e_mail | dn distinguished_name}
Sets the local ID type and content to the specified IP address, domain
name, or e-mail address.
peer-id type {any | ip IPv6 | fqdn domain_name | mail e_mail | dn distinguished_name}
Sets the peer ID type and content to any value, the specified IP address,
domain name, or e-mail address.
eap auth_method auth_method
Sets the authentication method for EAP. The default value is Mschapv2.
[no] eap type {server auth_method user-id {name|any} | client name
username {password PASSWORD | encrypted-password password}}
Enables extended authentication and specifies whether the ZyWALL/USG
is the server or client. If the Zyxel Device is the server, it also specifies the
AAA authentication method (aaa authentication profile_name); if the
Zyxel Device is the client, it also specifies the username and password to
provide to the remote IPSec router. The no command disables extended
authentication.
• username: You can use alphanumeric characters, underscores (_),
and dashes (-), and it can be up to 31 characters long.
• password: You can use most printable ASCII characters. You cannot
use square brackets [ ], double quotation marks (“), question marks (?),
tabs or spaces. It can be up to 31 characters long.
ikev2 policy rename policy_name policy_name
Renames the specified IKEv2 SA (first policy_name) to the specified name
(second policy_name).
[no] twofa-auth
Enables two-factor authentication. The no command disables two-factor
authentication.
Table 154 sa Commands: IPv6 IKEv2 (continued)
COMMAND DESCRIPTION
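An added example, not part of the Zyxel guide: a Python check that reads the transform-set, DH group and keystring sub-commands listed in this table from a saved policy and reports settings that fall below a baseline. The baseline values, the `audit` function name and the sample policy are assumptions of this example.

```python
import re

# Baseline assumed for this example (not from the guide). RFC 8247 rules out
# DES, MD5 and DH group 1 for IKEv2 and discourages groups 2 and 5; rejecting
# 3DES and keys under 20 characters is this example's own choice.
WEAK_CIPHERS = {"des", "3des"}
WEAK_HASHES = {"md5"}
DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536}  # MODP sizes
MIN_DH_BITS = 2048
MIN_PSK_LEN = 20

# Characters the guide allows in a pre-shared key (hex keys fit this set too).
PSK_CHARS = re.compile(r"""[A-Za-z0-9,;|`~!@#$%^&*()_+\\{}':./<>="-]+""")


def audit(config: str) -> list[str]:
    """Return findings for one IKEv2 policy; key material is never echoed."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if not tok:
            continue
        if tok[:2] == ["transform-set", "isakmp-algo"]:
            for proposal in tok[2:]:
                cipher, _, digest = proposal.partition("-")
                if cipher in WEAK_CIPHERS or digest in WEAK_HASHES:
                    findings.append(f"line {n}: weak proposal {proposal}")
        elif DH_BITS.get(tok[0], MIN_DH_BITS) < MIN_DH_BITS:
            findings.append(f"line {n}: {tok[0]} is only {DH_BITS[tok[0]]}-bit")
        elif tok[0] == "keystring":
            key = raw.split(None, 1)[1].strip() if len(tok) > 1 else ""
            if len(key) > 128 or not PSK_CHARS.fullmatch(key):
                findings.append(f"line {n}: key breaks the guide's format rules")
            elif len(key) < MIN_PSK_LEN:
                findings.append(f"line {n}: key shorter than {MIN_PSK_LEN} chars")
    return findings


# Constructed sample policy body, using only sub-commands from the table.
SAMPLE = """\
transform-set isakmp-algo 3des-md5 aes256-sha256
lifetime 86400
group2
keystring Zyxel123
fall-back
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Every DH group this table offers is below the example's 2048-bit baseline, so a policy that sets any of them is reported.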