ZyXEL Communications 4.04 Network Card User Manual


 
Chapter 16 IPSec Commands
ZyWALL (ZyNOS) CLI Reference Guide
16.4 Command Examples
This example adds an IKE rule as follows.
IKE Rule Name: VPN-ph1
My IP Address: 10.1.1.1
Secure Gateway Address: 10.1.1.2
Authentication: Pre-Shared Key
Pre-Shared Key: 12345678

ras> ipsec ikeAdd
ras> ipsec ikeConfig name VPN-ph1
ras> ipsec ikeConfig myIpAddr 10.1.1.1
ras> ipsec ikeConfig secureGwAddr 10.1.1.2
ras> ipsec ikeConfig authMethod 0
ras> ipsec ikeConfig preShareKey 12345678
ras> ipsec ikeSave
ras> ipsec ikeList
Configure IKE number 1
Idx  SPD  Name     Flags  MyIP      SecureGW
===============================================================================
1    0    VPN-ph1  3      10.1.1.1  10.1.1.2

This example enables VPN HA on an existing IKE rule.
Note: You need to load an IKE rule first by ikeAdd or ikeEdit before you configure IKE settings.
IKE Rule index: 1
The redundant secure gateway IP: 10.1.1.5
Fall back detection: Enable
The time interval for fall back detection: 180 seconds
DPD for fail over detection: Enable
Output idle Timeout for fail over detection: Enable

ras> ipsec ikeEdit 1
ras> ipsec ikeConfig ha enable on
ras> ipsec ikeConfig ha redunSecGwAddr 10.1.1.5
ras> ipsec ikeConfig ha fallback enable on
ras> ipsec ikeConfig ha fallback interval 180
ras> ipsec ikeConfig ha failover dpd on
ras> ipsec ikeConfig ha failover outputIdleTime on
ras> ipsec ikeConfig ha failover display
Fail over detection methods:
Output Idle Time: Yes
DPD: Yes
Ping Check: No
ras> ipsec ikeSave
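
The pre-shared key in the IKE rule example, 12345678, is a documentation placeholder. The following check is an added example, not part of the ZyXEL manual: it parses a transcript of ipsec ikeConfig commands and reports why a configured key is easy to guess. The function names, the 20-character threshold and the 24-character suggested key length are assumptions, not ZyNOS limits.

```python
import re
import secrets
import string

# Constructed sample: the command sequence from the IKE rule example.
SAMPLE = """\
ras> ipsec ikeAdd
ras> ipsec ikeConfig name VPN-ph1
ras> ipsec ikeConfig myIpAddr 10.1.1.1
ras> ipsec ikeConfig secureGwAddr 10.1.1.2
ras> ipsec ikeConfig authMethod 0
ras> ipsec ikeConfig preShareKey 12345678
ras> ipsec ikeSave
"""

CMD = re.compile(r"^\s*(?:\S+>\s*)?ipsec\s+ikeConfig\s+(.+?)\s+(\S+)\s*$")
MIN_LEN = 20  # assumed local policy threshold, not a device limit

def parse_ike_config(transcript):
    """Map each ikeConfig setting (all words but the last) to its value."""
    settings = {}
    for line in transcript.splitlines():
        m = CMD.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def psk_findings(psk):
    """List the reasons a pre-shared key is easy to guess."""
    findings = []
    if len(psk) < MIN_LEN:
        findings.append("short")
    if psk.isdigit():
        findings.append("digits-only")
    # One constant step of -1, 0 or +1 between characters: 1234..., aaaa..., 9876...
    steps = {ord(b) - ord(a) for a, b in zip(psk, psk[1:])}
    if len(steps) == 1 and steps <= {-1, 0, 1}:
        findings.append("sequential-or-repeated")
    return findings

def audit(transcript):
    psk = parse_ike_config(transcript).get("preShareKey")
    return psk_findings(psk) if psk is not None else []

def suggest_psk(length=24):
    """Random alphanumeric key; the length is an assumption, check the device."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Both gateways must be configured with the same replacement key, so generate it once and enter it on each peer.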