ZyXEL Communications ZyWALL USG-Series - Ipv4 Ikev1 SA Commands

ZyXEL Communications ZyWALL USG-Series

426 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Chapter 28 IPSec VPN

ZyWALL / USG (ZLD) CLI Reference Guide

187

The following sections list the IPSec VPN commands.

28.2.1 IPv4 IKEv1 SA Commands

This table lists the commands for IKE SAs (VPN gateways).

sort_order Sort the list of currently connected SAs by one of the following classifications.

algorithm

encapsulation

inbound

name

outbound

policy

timeout

uptime

auth_method The name of the authentication profile.

Table 100 Input Values for IPSec VPN Commands (continued)

LABEL DESCRIPTION

Table 101 isakmp Commands: IKE SAs

COMMAND DESCRIPTION

show isakmp keepalive Displays the Dead Peer Detection period.

show isakmp policy [policy_name] Shows the specified IKE SA or all IKE SAs.

[no] isakmp policy policy_name Creates the specified IKE SA if necessary and enters sub-command

mode. The

no command deletes the specified IKE SA.

activate

deactivate

Activates or deactivates the specified IKE SA.

authentication {pre-share | rsa-sig |

user-base-psk }

Specifies whether to use a pre-shared key, a certificate, or a user-

based pre-shared key for authentication.

certificate certificate-name Sets the certificate that can be used for authentication.

[no] dpd Enables Dead Peer Detection (DPD). The

no command disables

DPD.

dpd-interval <15..60> Sets the Dead Peer Detection (DPD) period.

[no] fall-back Set this to have the ZyWALL / USG reconnect to the primary

address when it becomes available again and stop using the

secondary connection, if the connection to the primary address goes

down and the ZyWALL / USG changes to using the secondary

connection.

Users will lose their VPN connection briefly while the ZyWALL / USG

changes back to the primary connection. To use this, the peer

device at the secondary address cannot be set to use a nailed-up

VPN connection.

fall-back-check-interval <60..86400> Sets how often (in seconds) the ZyWALL / USG checks if the

primary address is available.

mode {main | aggressive} Sets the negotiating mode.

transform-set isakmp-algo [isakmp_algo

[isakmp_algo]]

Sets the encryption and authentication algorithms for each IKE SA

proposal.

isakmp_algo: {des-md5 | des-sha | 3des-md5 | 3des-sha |

aes128-md5 | aes128-sha | aes192-md5 | aes192-sha | aes256-

md5 | aes256-sha | aes256-sha256 | aes256-sha512}

lifetime <180..3000000> Sets the IKE SA life time to the specified value.

Table of Contents

Other manuals for ZyXEL Communications ZyWALL USG-Series

User Guide150 pages

Quick Start Guide8 pages

Application Notes187 pages

Related product manuals

Preview: ZyXEL Communications ZyWall

ZyXEL Communications ZyWall

Preview: ZyXEL Communications ZYWALL 5

ZyXEL Communications ZYWALL 5

Preview: ZyXEL Communications ZYWALL 35

ZyXEL Communications ZYWALL 35

ZyXEL Communications ZyWALL 310

Preview: ZyXEL Communications ZyWall 110

ZyXEL Communications ZyWall 110

Preview: ZyXEL Communications ZyWALL 1100

ZyXEL Communications ZyWALL 1100

Preview: ZyWALL 2 Plus

Preview: ZyWall ATP series

ZyWall ATP series

Preview: ZYWALL USG 20

Preview: ZYWALL USG CLI

Preview: ZyWALL USG 100 Series

ZyWALL USG 100 Series