User manual
set vpn
238 Chapter 2 Command Descriptions
IKE/ISAKMP SA Phase 1 options
set vpn phase1
Specifies that the “set vpn” command is for configuring a VPN Phase 1
options.
index=1-2
The index number for an existing VPN tunnel.
state={enabled|disabled}
Whether the VPN tunnel is enabled or disabled. You can use this
option when creating several tunnels, where only one would be used
initially. In that case, you would add a disabled tunnel for future use
and enable it on a subsequent “set vpn” command.
auth_method={shared_key|dss|rsa}
The authentication method used by the VPN tunnel.
shared_key
Authentication is performed by using a key that secures the VPN
tunnel, where the key is either an ASCII alphanumeric value or a
hexadecimal value.
dss
Authentication is performed using Digital Signature Standard (DSS).
rsa
Authentication is performed using RSA, which uses a combination of
sender’s and receiver’s public and private keys.
authentication={md5|sha1}
The authentication algorithm used in IKE negotiations to authenticate
the IKE peers and Security Associations (SAs).
md5
MD5 authentication algorithm, which uses 128-bit keys.
sha1
SHA1 authentication algorithm, which uses 160-bit keys.
encryption={des|3des|aes}
The encryption algorithm used in IKE negotiations for encrypting data.
des
DES encryption algorithm, which uses 64-bit keys.
3des
3DES encryption algorithm, which uses 192-bit keys.
aes
AES encryption algorithm, which uses 128-bit keys.
encryption_size={0|128|192|256}
The encryption key length, in bits, used in IKE negotiations for
encrypting data. The key length is based on the encryption algorithm
and is used to calculate and create the shared key.