ZyXEL Communications 4.04 Network Card User Manual


 
Chapter 16 IPSec Commands
ZyWALL (ZyNOS) CLI Reference Guide
Table 61 IPSec Commands (continued)

COMMAND
    DESCRIPTION
    M

ipsec ikeConfig authMethod <0:PreSharedKey|1:RSASignature|2:preShareKey+XAUTH|3:RSASignature+XAUTH>
    Sets the authentication method.
    R+B

ipsec ikeConfig preShareKey <ascii|0xhex>
    Sets the pre-shared key.
    ascii|0xhex: Enter characters in ASCII or in hexadecimal format. The minimum length is 8.
    R+B

ipsec ikeConfig certificate <certificate-name>
    Specifies the certificate the ZyWALL uses for authentication.
    R+B

ipsec ikeConfig encryAlgo <0:DES|1:3DES|2:AES>
    Sets the phase 1 encryption algorithm.
    R+B

ipsec ikeConfig authAlgo <0:MD5|1:SHA1>
    Sets the phase 1 authentication algorithm.
    R+B

ipsec ikeConfig saLifeTime <seconds>
    Sets the phase 1 IKE SA life time.
    R+B

ipsec ikeConfig keyGroup <0:DH1|1:DH2>
    Sets the phase 1 IKE SA key group.
    R+B

ipsec ikeConfig xauth type <0:client mode|1:server mode>
    Sets the ZyWALL in client or server mode for extended authentication (Xauth).
    R+B

ipsec ikeConfig xauth username <name>
    Sets the user name for Xauth. This uses the ZyWALL's local user database to authenticate the remote user.
    R+B

ipsec ikeConfig xauth password <password>
    Sets the password for Xauth.
    R+B

ipsec ikeConfig xauth radius <username> <password>
    Sets the RADIUS server user name and password.
    R+B

ipsec ikeConfig ha enable <on|off>
    Enables IPSec high availability (HA).
    R+B

ipsec ikeConfig ha redunSecGwAddr <ip-address|domain-name>
    Sets the redundant remote gateway address to the specified IP address or domain name.
    R+B

ipsec ikeConfig ha fallback enable <on|off>
    Enables fall back for IPSec HA.
    R+B

ipsec ikeConfig ha fallback interval <time>
    Sets the time interval for how often the ZyWALL checks the availability of the primary remote gateway for fall back detection.
    time: 180~86400 seconds
    R+B

ipsec ikeConfig ha failover display
    Displays the fail over detection method.
    R+B

ipsec ikeConfig ha failover dpd <on|off>
    Enables or disables fail over detection by Dead Peer Detection (DPD).
    R+B

ipsec ikeConfig ha failover outputIdleTime <on|off>
    Enables or disables fail over detection by output idle timer. If the time is up and there is no reply traffic, the ZyWALL disconnects the tunnel and negotiates a new tunnel with the redundant remote VPN gateway.
    R+B

ipsec ikeConfig ha failover pingCheck <on|off>
    Enables or disables fail over detection by ping check. If the ZyWALL cannot ping the pre-configured IP address for several retries, the ZyWALL disconnects the tunnel and negotiates a new tunnel with the redundant remote VPN gateway.
    R+B
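
The following is an added example, not part of the ZyXEL manual: a small Python check that reads a saved list of `ipsec ikeConfig` commands and reports values outside the ranges in the table, plus the weakest selectable value of each phase 1 option (DES, MD5, DH1). It assumes options are entered by number; the `audit` function, the `WEAKEST` set and the sample commands are constructed for illustration.

```python
import re

# Option numbers are from the table; the WEAKEST set is this example's own assessment.
ENUMS = {
    "authMethod": ["PreSharedKey", "RSASignature", "preShareKey+XAUTH", "RSASignature+XAUTH"],
    "encryAlgo": ["DES", "3DES", "AES"],
    "authAlgo": ["MD5", "SHA1"],
    "keyGroup": ["DH1", "DH2"],
}
WEAKEST = {"DES", "MD5", "DH1"}
CMD = re.compile(r"^\s*ipsec\s+ikeConfig\s+(.+?)\s*$")

def audit(script):
    """Return (line_no, message) findings for a saved list of CLI commands."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        m = CMD.match(line)
        if not m:
            continue
        *path, value = m.group(1).split()
        key = " ".join(path)
        if key in ENUMS:
            # Assumption: the option is entered as its number (e.g. "2" for AES).
            if not value.isdecimal() or int(value) >= len(ENUMS[key]):
                findings.append((no, f"{key}: '{value}' is not a listed option"))
            elif ENUMS[key][int(value)] in WEAKEST:
                findings.append((no, f"{key}: {ENUMS[key][int(value)]} is the weakest listed option"))
        elif key == "preShareKey":
            if value.lower().startswith("0x"):
                if not re.fullmatch(r"[0-9a-fA-F]+", value[2:]):
                    findings.append((no, "preShareKey: invalid hexadecimal key"))
            elif len(value) < 8:  # minimum length stated in the table
                findings.append((no, "preShareKey: shorter than the 8-character minimum"))
        elif key == "ha fallback interval":
            if not value.isdecimal() or not 180 <= int(value) <= 86400:
                findings.append((no, "ha fallback interval: outside 180~86400 seconds"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
ipsec ikeConfig authMethod 0
ipsec ikeConfig preShareKey abc123
ipsec ikeConfig encryAlgo 0
ipsec ikeConfig keyGroup 0
ipsec ikeConfig ha fallback interval 60
"""

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```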