ZyXEL Communications 2 Plus Network Card User Manual


 
Appendix G Command Interpreter
ZyWALL 2 Plus User’s Guide
By default, the ZyWALL uses a 128-bit AES encryption key for phase 2 IPSec tunnels. Use
this command to edit an existing VPN rule so that it uses a longer AES encryption key.
In the following example, VPN rule one uses AES for phase 2 encryption and you want
it to use 192-bit encryption.
The first line starts editing the VPN rule.
The second line sets VPN rule one to use 192-bit AES for phase 2 encryption.
The third line displays the results.
Figure 467 Routing Command Example
ras> ipsec ipsecEdit 1
ras> ipsec ipsecConfig encryKeyLen 1
ras> ipsec ipsecDisplay
---------- IPSec Setup ----------
Index #= 1 Active= No Multi Pro = No Protocol= 0 Global SW= 0xA
Bound IKE 9999 NailUp = No Netbios = No Name= test
ControlPing = No LogControlPing = No Control ping address = 0.0.0.0
Local: Addr Type= SINGLE Port Start= 0 End= N/A
IP Addr Start= 0.0.0.0 Mask= N/A
Remote: Addr Type= SINGLE Port Start= 0 End= N/A
IP Addr Start= 0.0.0.0 Mask= N/A
Enable Replay Detection= No Key Management= IKE
Phase 2 - Active Protocol= ESP
Encryption Algorithm= AES Authentication Algorithm= SHA1
Encryption Key Length = 192
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None
ras>
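
To confirm that the edit took effect, the display output can be checked by script. The following is an added example, not part of the ZyXEL manual: it parses an excerpt of the output shown above and reports the phase 2 settings that differ from what was intended. The function names, and the choice to report disabled replay detection, disabled PFS and an inactive rule as findings, are assumptions of this example.

```python
import re

# Field labels as they appear in the `ipsec ipsecDisplay` output shown above.
FIELDS = {
    "rule_active": r"\bActive\s*=\s*(\S+)",
    "encryption": r"Encryption Algorithm\s*=\s*(\S+)",
    "key_length": r"Encryption Key Length\s*=\s*(\d+)",
    "replay_detection": r"Enable Replay Detection\s*=\s*(\S+)",
    "pfs": r"Perfect Forward Secrecy \(PFS\)\s*=\s*(\S+)",
}

# Excerpt of the display output from the figure above (address lines omitted).
SAMPLE = """\
---------- IPSec Setup ----------
Index #= 1 Active= No Multi Pro = No Protocol= 0 Global SW= 0xA
Enable Replay Detection= No Key Management= IKE
Phase 2 - Active Protocol= ESP
Encryption Algorithm= AES Authentication Algorithm= SHA1
Encryption Key Length = 192
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel Perfect Forward Secrecy (PFS)= None
"""

def parse_display(text):
    """Extract the fields above; a label missing from the output maps to None."""
    found = {name: re.search(pattern, text) for name, pattern in FIELDS.items()}
    return {name: m.group(1) if m else None for name, m in found.items()}

def audit_rule(text, want_key_length):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_display(text)
    findings = []
    if cfg["encryption"] != "AES":
        findings.append(f"phase 2 encryption is {cfg['encryption']}, not AES")
    if cfg["key_length"] is None or int(cfg["key_length"]) != want_key_length:
        findings.append(f"key length is {cfg['key_length']}, expected {want_key_length}")
    # Policy checks below are this example's assumptions, not ZyXEL guidance.
    if cfg["replay_detection"] in (None, "No"):
        findings.append("replay detection is not enabled")
    if cfg["pfs"] in (None, "None"):
        findings.append("PFS is not enabled for phase 2")
    if cfg["rule_active"] in (None, "No"):
        findings.append("rule is not active")
    return findings

if __name__ == "__main__":
    for finding in audit_rule(SAMPLE, want_key_length=192):
        print("FINDING:", finding)
```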