User manual

set vpn
Chapter 2 Command Descriptions 239
sa_lifetime=10-2^32
Determines how long a Security Association (SA) policy is active, in
seconds. After the IKE SA has been negotiated, the SA lifetime
begins. Once the lifetime has expired, a new set of SA policies is
negotiated using IKE phase 2 negotiation.
sa_lifetime_data=0-2^32
The amount of data, in bytes or kilobytes, that is sent and received until
the SA is renegotiated. This value is analogous to the SA lifetime. Also
known as SA life size.
IKE/ISAKMP SA Phase 2 options
Security policies define the set of security settings for incoming and
outgoing traffic used to encrypt and authorize data. One or more sets of
settings may be specified. The actual set of negotiated settings depends
on the available policies specified by the remote VPN endpoint.
The VPN Phase 2 options are used to configure a set of security policies
for ISAKMP tunnels. The settings define the set of encryption and
authentication algorithms used for incoming and outgoing traffic over the
VPN tunnel.
A security policy can have multiple proposals. For example, a policy can
have one proposal that allows older VPN devices to connect using
less-secure methods, and a second (or further) proposal that allows newer,
more powerful endpoints to use more secure methods.
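The fallback behaviour described above, as an added example (not from the manual or the device firmware): a simplified Python model of proposal matching that shows how a legacy proposal sets the floor for what a peer can negotiate, and why proposal order matters. The algorithm names, the weak-algorithm sets and the rule that the lowest-index matching proposal wins are assumptions for illustration.

```python
# Added illustration: simplified model of Phase 2 proposal matching.
# Algorithm names and the "weak" sets are assumptions, not taken from the manual.
from typing import List, NamedTuple, Optional


class Proposal(NamedTuple):
    index: int            # proposal index, 1-8 as in the manual
    encryption: str
    authentication: str


WEAK_ENCRYPTION = {"des", "3des"}     # assumed site policy
WEAK_AUTHENTICATION = {"md5"}         # assumed site policy


def negotiate(local: List[Proposal], remote: List[Proposal]) -> Optional[Proposal]:
    """Return the lowest-index local proposal that the remote endpoint also offers."""
    offered = {(p.encryption, p.authentication) for p in remote}
    for p in sorted(local, key=lambda p: p.index):
        if (p.encryption, p.authentication) in offered:
            return p
    return None  # no common proposal: the tunnel does not come up


def weak_proposals(policy: List[Proposal]) -> List[Proposal]:
    """List proposals that let a peer negotiate below the assumed site policy."""
    return [p for p in policy
            if p.encryption in WEAK_ENCRYPTION
            or p.authentication in WEAK_AUTHENTICATION]


# Constructed sample data: strong proposal first, legacy fallback second.
POLICY = [Proposal(1, "aes256", "sha256"), Proposal(2, "3des", "md5")]
# Same proposals with the legacy one given the lower index.
MISORDERED = [Proposal(1, "3des", "md5"), Proposal(2, "aes256", "sha256")]
MODERN_PEER = [Proposal(1, "aes256", "sha256"), Proposal(2, "3des", "md5")]
LEGACY_PEER = [Proposal(1, "3des", "md5")]

if __name__ == "__main__":
    print("modern peer :", negotiate(POLICY, MODERN_PEER))
    print("legacy peer :", negotiate(POLICY, LEGACY_PEER))
    print("misordered  :", negotiate(MISORDERED, MODERN_PEER))
    print("to review   :", weak_proposals(POLICY))
```

With the legacy proposal at the lower index, even a peer that supports the strong set ends up on the weak one, so fallback proposals belong last and should be removed once no peer needs them.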
set vpn phase2
Specifies that the “set vpn” command is for configuring VPN Phase
2 options.
tunnel=1-2
The index number assigned to the VPN tunnel.
name=tunnel name
The name of the VPN tunnel.
proposal=(1-8)
The index number assigned to the security proposal.
state={enabled|disabled}
Whether the VPN tunnel is enabled or disabled. You can use this
option when creating several tunnels where only one would be used
initially. In that case, you would add a disabled tunnel for future use
and enable it on a subsequent “set vpn” command.