142 Chapter 5. Configuring Software Options
NONE No ESP encapsulation and no ESP message authentication. (If you select this option, the
encapsulation method must be requested by a set espenc or set ahauth command.)
ike ipsec proposals set ahauth <MD5 | SHA1 | NONE> <ProposalName>
Determines whether AH message authentication is requested and, if it is requested, the hash algorithm
used.
Note: The proposal cannot request both AH encapsulation and ESP encapsulation.
MD5 Use AH encapsulation and authenticate using hash algorithm Message Digest 5.
SHA1 Use AH encapsulation and authenticate using hash algorithm Secure Hash Algorithm-1.
NONE No AH encapsulation and no AH message authentication. (If you select this option, the
encapsulation method must be requested by a set espenc or set espauth command.)
ike ipsec proposals set ipcomp <NONE | LZS> <ProposalName>
Proposes either no compression or LZS compression.
ike ipsec proposals set lifetime <seconds> <ProposalName>
Proposes the length of time (in seconds) before the IPSec SA expires; the recommended value is 86400
(24 hours). When the time limit expires, IKE renegotiates the connection.
ike ipsec proposals set lifedata <kbytes> <ProposalName>
Proposes the maximum number of kilobytes for the IPSec SA; 0 means unlimited. After the maximum
data is transferred, IKE renegotiates the connection. By limiting the amount of data that can be
transferred, you reduce the likelihood of the key being broken.
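The rules stated above (a proposal cannot request both AH and ESP encapsulation, a proposal set to NONE on one side must request the other method, and a lifedata of 0 means unlimited data under one key) can be checked mechanically against a saved command list. The following is an added example, not part of the original manual or the vendor's tooling. The proposal names and the espenc value 3DES are constructed, and treating an unset option as NONE is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample input. Proposal names (Branch, Idle, HQ) and the
# espenc value "3DES" are assumptions; they do not come from the manual.
SAMPLE = """\
ike ipsec proposals set espenc 3DES Branch
ike ipsec proposals set espauth SHA1 Branch
ike ipsec proposals set ahauth MD5 Branch
ike ipsec proposals set lifedata 0 Branch
ike ipsec proposals set espauth NONE Idle
ike ipsec proposals set ahauth NONE Idle
ike ipsec proposals set ahauth SHA1 HQ
ike ipsec proposals set lifedata 500000 HQ
"""

LINE = re.compile(r"^ike ipsec proposals set (\w+) (\S+) (\S+)$")

def parse(text):
    """Return {proposal: {option: value}} from 'set' command lines."""
    props = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            option, value, name = m.groups()
            props[name][option.lower()] = value.upper()
    return dict(props)

def audit(props):
    """Return {proposal: [findings]} for the rules stated in the text."""
    report = {}
    for name, opts in props.items():
        # Assumption: an option that was never set behaves like NONE.
        esp = any(opts.get(k, "NONE") != "NONE" for k in ("espenc", "espauth"))
        ah = opts.get("ahauth", "NONE") != "NONE"
        findings = []
        if esp and ah:
            findings.append("requests both AH and ESP encapsulation")
        if not esp and not ah:
            findings.append("no encapsulation method requested")
        if opts.get("lifedata") == "0":
            findings.append("lifedata is 0 (unlimited data per key)")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(parse(SAMPLE)).items():
        print(name, "->", findings or "ok")
```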
IKE IPSec Policy Commands
The IKE IPSec policy commands specify the filtering parameters for the IPSec SA.
ike ipsec policies add <PolicyName> Defines the name of a new IPSec policy.
ike ipsec policies delete <PolicyName> Deletes an existing IPSec policy.
ike ipsec policies list Lists the IPSec policies.
ike ipsec policies enable <PolicyName> Indicates that the specification of this IPSec policy is complete and
enables use of the policy.
ike ipsec policies disable <PolicyName> Disables an IPSec policy.
The following commands define the filtering parameters for the policy.
ike ipsec policies set peer <PeerName> <PolicyName>
Specifies an IKE peer that may be used for the connection. (The peer must have been defined by IKE
peer commands.)