Product specifications

Chapter 5: System Security Efficient Networks
®
Router family
Technical Reference Guide
Page 5-68 Efficient Networks
®
IPSec Commands
The following commands allow you to define an IPSec connection without IKE.
NOTE:
If you define a tunnel using IPSec commands, the keys will remain static. This could
pose a security risk and is not recommended. Use of IKE for key management is
recommended.
-> ipsec flush
Clears all IPSec definitions.
-> ipsec add <saname>
Defines an SA name.
-> ipsec delete <saname>
Deletes an existing SA name.
-> ipsec list [<saname>]
Lists one or all SA entries.
-> ipsec enable <saname>
Enables a defined SA name.
-> ipsec disable <saname>
Disables a defined SA name.
The following commands define parameters for the specified Security Association
(SA).
-> ipsec set mode <tunnel | transport> <saname>
Requests the encapsulation mode (tunnel or transport) for the SA. The default is
tunnel mode.
-> ipsec set direction <inbound | outbound> <saname>
Defines the direction of the SA.
-> ipsec set gateway <ipaddress> <saname>
Defines the IP address of the gateway.
-> ipsec set encryption <null | des-cbc | 3des> <saname>
Selects no encryption, DES (56-bit) encryption or 3DES (168-bit) encryption.