Filter
Top Products
Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
116
4.3.4 Set or Modify the Peer Descriptor Parameters
modify command The ipsec peer descriptor modify command sets or modifies the Peer
Security Descriptor parameters.
Example In this example, the parameters of the previously defined Peer Security Descriptor
peerdes1 are set to the following values:
crypto = AES
keylen = 128
integrity = MD5
group = MODP1536
lifetime secs = 84600
[ipsec peer descriptor]=>modify
name = peerdes1
[crypto] =
DES 3DES AES
[crypto] = AES
keylen =
128 192 256
keylen = 128
[integrity] =
MD5 SHA1
[integrity] = MD5
[group] =
MODP768 MODP1024 MODP1536
[group] = MODP1536
[lifetime_secs] = 84600
:IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128
integrity=MD5 group=MODP1536 lifetime_secs=84600
[ipsec peer descriptor]=>
The parameters of the pre-defined descriptors can also be changed with the
modify command. Use this feature for example if you want to change the
lifetime parameter only.
The descriptors must match at both peers in order to have a successful
outcome of the Phase 1 negotiation.