Nortel Networks 608(WL) Network Card User Manual


 
Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
4.5.4 Set the Connection Security Descriptor Parameters
modify command
The ipsec connection descriptor modify command sets or modifies
the connection descriptor parameters.
Example
In this example, the parameters of the previously defined Connection Security
Descriptor cnctdes1 are set to the following values:
crypto = AES
key length = 128
integrity = HMAC-MD5
Perfect Forward Secrecy = disabled
lifetime secs = 3600
lifetime kbytes = 10000
Encapsulation mode = tunnel mode
The descriptors must match at both tunnel ends for the Phase 2
negotiation to succeed.
[ipsec connection descriptor]=>modify
name = cnctdes1
[crypto] =
DES
3DES
AES
NULL
[crypto] = AES
keylen =
128 192 256
keylen = 128
[integrity] =
HMAC-MD5
HMAC-SHA1
[integrity] = HMAC-MD5
[pfs] = disabled
[lifetime_secs] = 3600
[lifetime_kbytes] = 10000
[encapsulation] = tunnel
:ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=128
integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000
[ipsec connection descriptor]=>
The parameters of the pre-defined descriptors can also be changed with the
modify command. Use this feature, for example, if you want to change only
the lifetime parameter.
The descriptors must match at both peers in order to have a successful
outcome of the Phase 2 negotiation.
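The matching requirement can be checked offline before the tunnel is brought up. The following Python is an added example, not part of the manual or of the device software: it parses command lines in the `ipsec connection descriptor modify` form shown above, lists the parameters that differ between the two peers, and flags values from the CLI's option lists that are weak by current standards. The weak-value table is this example's own policy, and the Peer B line is constructed sample input.

```python
import shlex

PREFIX = ":ipsec connection descriptor modify"
# Example policy (an assumption of this sketch, not from the manual).
WEAK = {
    "crypto": {"DES": "56-bit key", "NULL": "no encryption"},
    "integrity": {"HMAC-MD5": "MD5-based, deprecated for IPsec"},
    "pfs": {"disabled": "no fresh Diffie-Hellman exchange in Phase 2"},
}
# Peer A: the command line from the manual's example, wrapped as printed.
PEER_A = (":ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=128\n"
          "integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000")
# Peer B: constructed sample input standing in for the remote tunnel end.
PEER_B = (":ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=256\n"
          "integrity=HMAC-SHA1 lifetime_secs=3600 lifetime_kbytes=10000")

def parse_descriptor(line):
    """Parse one 'modify' command line into {parameter: value}."""
    line = " ".join(line.split())  # undo line wrapping
    if not line.startswith(PREFIX):
        raise ValueError("not a descriptor modify command: %r" % line)
    params = {}
    for token in shlex.split(line[len(PREFIX):]):
        key, sep, value = token.partition("=")
        if not sep or not value:
            raise ValueError("malformed parameter: %r" % token)
        params[key.lower()] = value
    return params

def compare_peers(a, b):
    """Return sorted (parameter, value_a, value_b) for every difference.

    'name' is local to each device and is skipped. A value of None means the
    parameter was not on that command line, so it must be verified by hand.
    """
    keys = (set(a) | set(b)) - {"name"}
    return sorted((k, a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k))

def weak_settings(params):
    """Return sorted (parameter, value, reason) for values in the WEAK table."""
    return sorted((k, v, WEAK[k][v]) for k, v in params.items() if v in WEAK.get(k, {}))

if __name__ == "__main__":
    a, b = parse_descriptor(PEER_A), parse_descriptor(PEER_B)
    for key, va, vb in compare_peers(a, b):
        print("MISMATCH %s: A=%s B=%s" % (key, va, vb))
    for key, value, why in weak_settings(a):
        print("WEAK on A: %s=%s (%s)" % (key, value, why))
```

Parameters left off a command line, such as pfs and encapsulation in the manual's example, are not compared, so confirm them separately on each device.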