User manual
set vpn
Chapter 2 Command Descriptions 233
antireplay={on|off}
Specifies whether the antireplay feature is on or off. Antireplay allows the
IPsec tunnel receiver to detect and reject packets that have been
replayed. It does this by adding information to the packets exchanged
between VPN endpoints, so that a third party cannot later replay the
same packets to one of the VPN endpoints to recreate the secure
channel.
Important: If using manually-keyed tunnels, disable this option.
For negotiations to succeed, both the local and remote sides of the
connection must be set to the same value. Set this field to match the
setting at the remote VPN gateway. The default is “on.”
VPN tunnel options
VPN tunnel options are specified in this format:
set vpn tunnel [tunnel options] [manually-keyed options] [isakmp options]
Where:
set vpn tunnel
Specifies that the “set vpn” command is for configuring a VPN tunnel.
[tunnel options]
The VPN tunnel configuration options. The set of options specified
depends on whether the method of establishing the VPN tunnel is
manually-keyed or ISAKMP.
index={1-2}
The index number for an existing VPN tunnel.
name=tunnel name
A name that describes the VPN tunnel. This may be used to help
identify each tunnel with a descriptive and unique name.
newname=tunnel name
The new name for the VPN tunnel.
mode={disabled|manually-keyed|isakmp}
The method of establishing the VPN tunnel.
disabled
The VPN tunnel is defined but disabled. Use this option when
creating several tunnels, where only one would be used initially. In
that case, you would add a disabled tunnel for future use and
enable it on a subsequent “set vpn” command.
manually-keyed
The VPN tunnel is established by manually keying in VPN tunnel
and security settings. These settings must match the settings of the
remote VPN endpoint. Manually-keyed VPNs do not use
IKE/ISAKMP. Manually-keyed VPN keys never expire.
isakmp
The VPN tunnel is established by specifying a list of security
policies to negotiate a set of security settings from the remote VPN
endpoint.