Chapter 28 IPSec VPN
ZyWALL / USG (ZLD) CLI Reference Guide
196
28.2.9 IPv6 IPSec SA Commands
This table lists the commands for IPv6 IPSec SAs.
[no] eap type {server
auth_method user-id
{name|any}| client name
username {password
PASSWORD| encrypted-
password PASSWORD}
Enables extended authentication and specifies whether the ZyWALL/ USG is the
server or client. If the ZyWALL / USG is the server, it also specifies the AAA
authentication method (aaa authentication profile_name); if the ZyWALL / USG is
the client, it also specifies the username and password to provide to the remote
IPSec router. The no command disables extended authentication.
• username: You can use alphanumeric characters, underscores (_), and dashes (-
), and it can be up to 31 characters long.
• password: You can use most printable ASCII characters. You cannot use square
brackets [ ], double quotation marks (“), question marks (?), tabs or spaces. It
can be up to 31 characters long.
ikev2 policy rename
policy_name policy_name
Renames the specified IKEv2 SA (first policy_name) to the specified name (second
policy_name).
Table 108 sa Commands: IPv6 IKEv2 (continued)
COMMAND DESCRIPTION
Table 109 crypto Commands: IPv6 IPSec SAs
COMMAND DESCRIPTION
show crypto map6 [map_name] Shows the specified IPSec SA or all IPSec SAs.
crypto map6 dial map_name Dials the specified IPSec SA manually. This command does not
work for IPSec SAs using manual keys or for IPSec SAs where the
remote gateway address is 0.0.0.0.
[no] crypto map map_name Creates the specified IPSec SA if necessary and enters sub-
command mode. The
no command deletes the specified IPSec SA.
crypto map rename map_name map_name Renames the specified IPSec SA (first map_name) to the specified
name (second map_name).
crypto map map_name
activate
deactivate
Activates or deactivates the specified IPSec SA.
adjust-mss {auto | <200..1500>} Set a specific number of bytes for the Maximum Segment Size
(MSS) meaning the largest amount of data in a single TCP
segment or IP datagram for this VPN connection or use auto to
have the ZyWALL automatically set it.
ipsec-isakmp policy_name Specifies the IKE SA for this IPSec SA and disables manual key.
encapsulation {tunnel | transport} Sets the encapsulation mode.
transform-set crypto_algo_esp
[crypto_algo_esp [crypto_algo_esp]]
Sets the active protocol to ESP and sets the encryption and
authentication algorithms for each proposal.
crypto_algo_esp: esp-null-md5 | esp-null-sha | esp-null-sha256
| esp-null-sha512 | esp-des-md5 | esp-des-sha | esp-des-sha256
| esp-des-sha512 | esp-3des-md5 | esp-3des-sha | esp-3des-
sha256 | esp-3des-sha512 | esp-aes128-md5 | esp-aes128-sha |
esp-aes128-sha256 | esp-aes128-sha512 | esp-aes192-md5 |
esp-aes192-sha | esp-aes192-sha256 | esp-aes192-sha512 | esp-
aes256-md5 | esp-aes256-sha | esp-aes256-sha256 | esp-
aes256-sha512
transform-set crypto_algo_ah
[crypto_algo_ah [crypto_algo_ah]]
Sets the active protocol to AH and sets the encryption and
authentication algorithms for each proposal.
crypto_algo_ah: ah-md5 | ah-sha | ah-sha256 | ah-sha512
To Next Page
Loading...
