Chapter 15 IPSec VPN
ZyWALL (ZLD) CLI Reference Guide
123
The following sections list the IPSec VPN commands.
15.2.1 IKE SA Commands
This table lists the commands for IKE SAs (VPN gateways).
distinguished_name A domain name. You can use up to 511 alphanumeric, characters, spaces,
or .@=,_- characters.
sort_order Sort the list of currently connected SAs by one of the following
classifications.
algorithm
inbound
outbound
timeout
encapsulation
name
policy
Table 62 Input Values for IPSec VPN Commands (continued)
LABEL DESCRIPTION
Table 63 isakmp Commands: IKE SAs
COMMAND DESCRIPTION
show isakmp keepalive Displays the Dead Peer Detection period.
show isakmp policy [policy_name] Shows the specified IKE SA or all IKE SAs.
isakmp keepalive <2..60> Sets the Dead Peer Detection period.
[no] isakmp policy policy_name Creates the specified IKE SA if necessary and
enters sub-command mode. The
no command
deletes the specified IKE SA.
isakmp policy rename policy_name policy_name Renames the specified IKE SA (first
policy_name) to the specified name (second
policy_name).
isakmp policy policy_name
activate
deactivate
Activates or deactivates the specified IKE SA.
mode {main | aggressive} Sets the negotiating mode.
transform-set isakmp-algo [isakmp_algo
[isakmp_algo]]
Sets the encryption and authentication algorithms
for each proposal.
ISAKMP_ALGO: {des-md5 | des-sha | 3des-md5 |
3des-sha | aes128-md5 | aes128-sha | aes192-
md5 | aes192-sha | aes256-md5 | aes256-sha}
lifetime <180..3000000> Sets the IKE SA life time to the specified value.
group1
group2
group5
Sets the DHx group to the specified group.
[no] natt Enables NAT traversal. The
no command disables
NAT traversal.
[no] dpd Enables Dead Peer Detection (DPD). The
no
command disables DPD.
local-ip {ip {ip | domain_name} |
interface interface_name}
Sets the local gateway address to the specified IP
address, domain name, or interface.
To Next Page
Loading...
