Product specifications

Efficient Networks® Router family
Technical Reference Guide
Chapter 5: System Security
IKE IPSec Policy Commands
The IKE IPSec policy commands specify the filtering parameters for the IPSec SA.
-> ike ipsec policies add <policyname>
Defines the name of a new IPSec policy.
-> ike ipsec policies delete <policyname>
Deletes an existing IPSec policy.
-> ike ipsec policies list
Lists the IPSec policies.
-> ike ipsec policies enable <policyname>
Indicates that the specification of this IPSec policy is complete and enables use of the
policy.
-> ike ipsec policies disable <policyname>
Disables an IPSec policy.
The following commands define the filtering parameters for the policy.
-> ike ipsec policies set peer <peername> <policyname>
Specifies an IKE peer that may be used for the connection.
-> ike ipsec policies set mode <tunnel | transport> <policyname>
Specifies the encapsulation mode (tunnel or transport) that may be used for the
connection. The default is tunnel mode.
-> ike ipsec policies set proposal <proposalname> <policyname>
Specifies an IKE IPSec proposal that may be used for the connection. (It must have
been defined by IKE IPSec proposal commands.) The policy may allow more than
one value for the proposal parameter. For example, two set proposal commands
could specify two proposals, either of which could be used by the connection.
-> ike ipsec policies set pfs <none | 1 | 2> <policyname>
Sets the Perfect Forward Secrecy negotiation and specifies the Diffie-Hellman group
used for each rekey (none or group 1 or 2). Perfect Forward Secrecy increases the
security of the key exchange; compromise of a single key permits access to only the
data protected by that particular key. However, the additional encryption slows the IKE
process so it is not always desirable.
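An added example, not from the guide: a Python check that replays a saved listing of the policy commands described above and reports enabled policies that lack a peer or proposal, accept more than one proposal, or rekey without PFS or with DH group 1. The one-command-per-line input format, the rule that an enabled policy should name a peer and a proposal, and all policy, peer and proposal names are assumptions.

```python
import re

# Constructed sample (not from the guide); policy, peer and proposal names are made up.
SAMPLE = """\
-> ike ipsec policies add branch
-> ike ipsec policies set peer hq branch
-> ike ipsec policies set proposal esp3des branch
-> ike ipsec policies set proposal espdes branch
-> ike ipsec policies set pfs 1 branch
-> ike ipsec policies enable branch
-> ike ipsec policies add lab
-> ike ipsec policies set proposal espdes lab
-> ike ipsec policies set pfs none lab
-> ike ipsec policies enable lab
"""
CMD = re.compile(r"^(?:->\s*)?ike ipsec policies (\S+)\s*(.*)$")

def parse(text):
    """Replay the commands; return {policyname: {"enabled": bool, param: [values]}}."""
    policies = {}
    for line in text.splitlines():
        m = CMD.match(line.strip())
        args = m.group(2).split() if m else []
        if not args:                       # not a policy command, or "list"
            continue
        verb, name = m.group(1), args[-1]  # <policyname> is always the last argument
        if verb == "add":
            policies[name] = {"enabled": False}
        elif verb == "delete":
            policies.pop(name, None)
        elif verb in ("enable", "disable") and name in policies:
            policies[name]["enabled"] = verb == "enable"
        elif verb == "set" and name in policies and len(args) >= 3:
            policies[name].setdefault(args[0], []).append(" ".join(args[1:-1]))
    return policies

def audit(policies):
    """Return (policyname, finding) pairs, for enabled policies only."""
    out = []
    for name, p in sorted(policies.items()):
        if not p["enabled"]:
            continue
        # Assumption of this check: an enabled policy should name a peer and a proposal.
        out += [(name, f"no {k} set") for k in ("peer", "proposal") if k not in p]
        if len(p.get("proposal", [])) > 1:  # any listed proposal may be negotiated
            out.append((name, "multiple proposals: " + ", ".join(p["proposal"])))
        pfs = p.get("pfs", ["unset"])[-1]   # the last "set pfs" wins
        if pfs in ("unset", "none", "1"):   # IKE group 1 is the 768-bit MODP group
            out.append((name, f"pfs {pfs}"))
    return out
```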
-> ike ipsec policies set source <ipaddress> <ipmask> <policyname>