Product specifications
Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
IKE Proposal Commands
The IKE proposal commands define the proposals exchanged during the Phase 1 SA.
-> ike proposals add <proposalname>
Defines the name of a new IKE proposal.
-> ike proposals delete <proposalname>
Deletes an existing IKE proposal.
-> ike proposals list
Lists the IKE proposals.
The following commands specify the contents of the proposals exchanged.
-> ike proposals set session_auth <preshare> <proposalname>
Proposes the session authentication; preshared key is currently the only option.
-> ike proposals set encryption <des | 3des> <proposalname>
Proposes the encryption method used, as follows:
• DES: Encryption using a 56-bit key.
• 3DES: Encryption using three 56-bit keys, producing 168-bit encryption.
-> ike proposals set message_auth <none | md5 | sha1> <proposalname>
Proposes the message authentication performed. It can propose no message
authentication or authentication using the hash algorithm Message Digest 5 (MD5) or
Secure Hash Algorithm-1 (SHA1).
-> ike proposals set dh_group <none | 1 | 2> <proposalname>
Proposes the Diffie-Hellman (DH) key generation group used (no group or group 1 or
2).
-> ike proposals set lifetime <seconds> <proposalname>
Proposes the length of time (in seconds) before the Phase 1 SA expires; the
recommended value is 86400 (24 hours). When the time limit expires, IKE
renegotiates the connection.
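An audit sketch for the proposal settings above, added here as an example and not taken from the guide: it parses `ike proposals` command lines and reports each proposal that selects DES, MD5 or no message authentication, or DH group 1 or no group. The weakness ratings, the sample configuration and the proposal names are assumptions of this example.

```python
import re

# Values this page's syntax allows that are weak by current standards
# (assessment added with this example, not taken from the guide).
WEAK = {
    "encryption": {"des": "56-bit key is within reach of exhaustive search"},
    "message_auth": {"none": "no message authentication is proposed",
                     "md5": "MD5 is the weaker hash; sha1 is the stronger option listed"},
    "dh_group": {"none": "no Diffie-Hellman group is proposed",
                 "1": "group 1 is a 768-bit modulus; group 2 is 1024-bit"},
}
CMD = re.compile(r"^\s*(?:->\s*)?ike\s+proposals\s+(add|delete|set)\s+(.*)$", re.I)

def audit(config_text):
    """Return sorted (proposal, setting, value, reason) findings."""
    proposals = {}
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m:
            continue  # skips 'ike ipsec proposals ...' and 'ike proposals list'
        verb, args = m.group(1).lower(), m.group(2).split()
        if verb == "add" and len(args) == 1:
            proposals.setdefault(args[0], {})
        elif verb == "delete" and len(args) == 1:
            proposals.pop(args[0], None)
        elif verb == "set" and len(args) == 3:
            setting, value, name = args
            proposals.setdefault(name, {})[setting.lower()] = value.lower()
    findings = []
    for name, settings in proposals.items():
        for setting, weak_values in WEAK.items():
            value = settings.get(setting)
            if value is None:
                findings.append((name, setting, "(unset)", "never set; default not stated here"))
            elif value in weak_values:
                findings.append((name, setting, value, weak_values[value]))
    return sorted(findings)

# Constructed sample configuration (proposal names are made up).
SAMPLE = """\
-> ike proposals add legacy_peer
-> ike proposals set encryption des legacy_peer
-> ike proposals set message_auth md5 legacy_peer
-> ike proposals set dh_group 1 legacy_peer
-> ike proposals add site_b
-> ike proposals set encryption 3des site_b
-> ike proposals set message_auth sha1 site_b
-> ike proposals set dh_group 2 site_b
-> ike ipsec proposals add data_sa
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s=%s (%s)" % finding)
```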
IKE IPSec Proposal Commands
The IKE IPSec proposal commands define the proposals exchanged to set up an
IPSec SA, that is, an SA for the user data transfer.
-> ike ipsec proposals add <proposalname>