Chapter 28 IPSec VPN
ZyWALL / USG (ZLD) CLI Reference Guide
195
28.2.8 IPv6 IKEv2 SA Commands
This table lists the commands for the IPv4 IKEv2 SA.
Table 108 sa Commands: IPv6 IKEv2
COMMAND DESCRIPTION
show ikev2 policy6
[policy_name]
Shows the specified IKEv2 SA or all IKEv2 SAs.
[no] ikev2 policy6 policy_name Creates the specified IKEv2 SA if necessary and enters sub-command mode. The no
command deletes the specified IKEv2 SA.
activate
deactivate
Activates or deactivates the specified IKEv2 SA.
authentication {pre-share
| rsa-sig}
Specifies whether to use a pre-shared key or a certificate for authentication
certificate certificate-
name
Sets the certificate that can be used for authentication.
[no] fall-back Set this to have the ZyWALL / USG reconnect to the primary address when it
becomes available again and stop using the secondary connection, if the connection
to the primary address goes down and the ZyWALL / USG changes to using the
secondary connection. Users will lose their VPN connection briefly while the ZyWALL /
USG changes back to the primary connection. To use this, the peer device at the
secondary address cannot be set to use a nailed-up VPN connection.
fall-back-check-interval
<60..86400>
Sets how often (in seconds) the ZyWALL / USG checks if the primary address is
available.
transform-set isakmp-algo
[isakmp_algo
[isakmp_algo]]
Sets the encryption and authentication algorithms for each IKEv2 SA proposal.
isakmp_algo: {des-md5 | des-sha | 3des-md5 | 3des-sha | aes128-md5 |
aes128-sha | aes192-md5 | aes192-sha | aes256- md5 | aes256-sha |
aes256-sha256 | aes256-sha512}
lifetime <180..3000000> Sets the IKEv2 SA life time to the specified value.
group1
group2
group5
Sets the DH group to the specified group.
local-ip {ip IPv6} Sets the local gateway address to the specified IP address.
peer-ip {ip IPv6] Sets the remote gateway address(es) to the specified IP address(es).
keystring pre_shared_key Sets the pre-shared key that can be used for authentication. The pre_shared_key
can be:
• 8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
• 16 - 64 hexadecimal (0-9, A-F) characters, preceded by “0x”.
The pre-shared key is case-sensitive.
local-id type {ip IPv6 |
fqdn domain_name | mail
e_mail | dn
distinguished_name}
Sets the local ID type and content to the specified IP address, domain name, or e-
mail address.
peer-id type {any | ip
IPv6 | fqdn domain_name |
mail e_mail | dn
distinguished_name}
Sets the peer ID type and content to any value, the specified IP address, domain
name, or e-mail address.
eap auth_method
AUTH_METHOD
Sets auth method for EAP. Default value is Mschapv2.
To Next Page
Loading...
