User`s guide
206
RSA private key file
The name of a X.509 certificate file holding the router’s private part of the public/private
key pair used in certificate exchanges. See ‘X.509 Certificates’ in the ‘IPsec and VPNs’
section for further explanation.
SA Removal Mode
Determines how IPsec and IKE SAs are removed.
‘Normal’ operation will not delete the IKE SA when all the IPsec SAs that were created by it
are removed and will not remove IPsec SAs when the IKE SA that was used to create them
is deleted.
‘Remove IKE SA when last IPSec SA removed’ will delete the IKE SA when all the IPsec SAs
that it created to a particular peer are removed.
‘Remove IPSec SAs when IKE SA removed’ will delete all IPSec SAs that have been created
by the IKE SA that has been removed.
‘Both’ will remove IPSec SAs when their IKE SA is deleted, and delete IKE SAs when their
IPSec SAs are removed.
Related CLI Commands
Entity
Instance
Parameter
Values
Equivalent Web Parameter
ike n retranint 0 - 255
Retransmit a frame if no response
after n seconds
ike n retran 0 - 9
Stop IKE negotiation after n
retransmissions
ike n inactto 0 - 255
Stop IKE negotiation if no packet
received for n seconds
ike n dpd on, off Enable Dead Peer Detection
ike n natt on, off Enable NAT-Traversal
ike n initialcontact on, off
Send INITIAL-CONTACT
notifications
ike n keepph1 on, off
Retain phase 1 SA after failed
phase 2 negotiation
ike n privrsakey Filename RSA private key file
ike n delmode
0 = Normal
1 = Remove IKE
SA when last IPsec
SA removed
2 = Remove IPsec
SAs when IKE SA
remove
3 = Both
SA Removal Mode
ike n openswan on, off
None. This enables support for
Openswan IKE implementations.