ZyXEL Communications ZYWALL USG CLI - Page 125

ZyXEL Communications ZYWALL USG CLI
342 pages
Chapter 15 IPSec VPN
ZyWALL (ZLD) CLI Reference Guide
Table 64 crypto Commands: IPSec SAs (continued)

COMMAND
    DESCRIPTION

[no] crypto map map_name
    Creates the specified IPSec SA if necessary and enters sub-command mode. The no command deletes the specified IPSec SA.

crypto map rename map_name map_name
    Renames the specified IPSec SA (first map_name) to the specified name (second map_name).

crypto map map_name

  activate
  deactivate
      Activates or deactivates the specified IPSec SA.

  ipsec-isakmp policy_name
      Specifies the IKE SA for this IPSec SA and disables manual key.

  encapsulation {tunnel | transport}
      Sets the encapsulation mode.

  transform-set esp_crypto_algo [esp_crypto_algo [esp_crypto_algo]]
      Sets the active protocol to ESP and sets the encryption and authentication algorithms for each proposal.
      esp_crypto_algo: {esp-3des-md5 | esp-3des-sha | esp-aes128-md5 | esp-aes128-sha | esp-aes192-md5 | esp-aes192-sha | esp-aes256-md5 | esp-aes256-sha | esp-des-md5 | esp-des-sha | esp-null-md5 | esp-null-sha}

  transform-set {ah-md5 | ah-sha} [{ah-md5 | ah-sha} [{ah-md5 | ah-sha}]]
      Sets the active protocol to AH and sets the encryption and authentication algorithms for each proposal.

  scenario {site-to-site-static|site-to-site-dynamic|remote-access-server|remote-access-client}
      Select the scenario that best describes your intended VPN connection.
      Site-to-site: The remote IPSec router has a static IP address or a domain name. This ZyWALL can initiate the VPN tunnel.
      site-to-site-dynamic: The remote IPSec router has a dynamic IP address. Only the remote IPSec router can initiate the VPN tunnel.
      remote-access-server: Allow incoming connections from IPSec VPN clients. The clients have dynamic IP addresses and are also known as dial-in users. Only the clients can initiate the VPN tunnel.
      remote-access-client: Choose this to connect to an IPSec server. This ZyWALL is the client (dial-in user) and can initiate the VPN tunnel.

  set security-association lifetime seconds <180..3000000>
      Sets the IPSec SA life time.

  set pfs {group1 | group2 | group5 | none}
      Enables Perfect Forward Secrecy group.

  local-policy address_name
      Sets the address object for the local policy (local network).

  remote-policy address_name
      Sets the address object for the remote policy (remote network).
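The transform-set and set pfs options in Table 64 include legacy choices (DES, 3DES, null encryption, MD5, small DH groups), so a configuration review benefits from a quick audit. The script below is an added example, not part of the ZyXEL manual: it parses crypto map blocks and reports weak settings. It assumes sub-commands appear indented under their crypto map line; the audit policy, the map names and the sample configuration are constructed for illustration.

```python
import re

# Audit policy assumed for this example; it is not part of the manual.
WEAK_PARTS = {"des": "single DES encryption (56-bit key)",
              "3des": "3DES encryption (64-bit block cipher)",
              "null": "ESP without encryption",
              "md5": "MD5-based authentication"}
WEAK_PFS = {"none": "PFS disabled", "group1": "768-bit DH group",
            "group2": "1024-bit DH group"}

def parse_crypto_maps(config):
    """Map each top-level 'crypto map NAME' to its indented sub-commands."""
    maps, current = {}, None
    for raw in config.splitlines():
        line, indented = raw.strip(), raw[:1].isspace()
        header = re.fullmatch(r"crypto map (\S+)", line)
        if header and not indented:
            current = maps.setdefault(header.group(1), [])
        elif indented and line and current is not None:
            current.append(line)
        elif line:
            current = None  # another top-level command leaves sub-command mode
    return maps

def audit(config):
    """Return sorted (map_name, setting, reason) tuples for weak settings."""
    findings = set()
    for name, subs in parse_crypto_maps(config).items():
        for sub in subs:
            words = sub.split()
            if words[0] == "transform-set":
                for algo in words[1:]:
                    for part in algo.split("-")[1:]:  # skip the esp/ah prefix
                        if part in WEAK_PARTS:
                            findings.add((name, algo, WEAK_PARTS[part]))
            elif words[:2] == ["set", "pfs"] and words[-1] in WEAK_PFS:
                findings.add((name, sub, WEAK_PFS[words[-1]]))
    return sorted(findings)

# Constructed sample written from the syntax in Table 64, not captured from a device.
SAMPLE = """\
crypto map BRANCH_LEGACY
 ipsec-isakmp BRANCH_IKE
 transform-set esp-des-md5 esp-aes256-sha
 set pfs none
crypto map BRANCH_B
 transform-set esp-aes256-sha
 set pfs group5
"""
```

Calling `audit(SAMPLE)` reports three findings for BRANCH_LEGACY and none for BRANCH_B, which uses the strongest ESP transform and PFS group the table offers.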