Specifications
338 Chapter 8. Command Reference
ike ipsec policies set interface all mypolicy
IKE IPSEC POLICIES SET MODE
Defines the mode filtering parameter value for the policy. The mode parameter specifies the encapsulation mode (tunnel or transport) that may be used for the connection (see Transport and Tunnel Encapsulation Modes, on page 134). If no value is set for the mode parameter, tunnel mode is assumed.
ike ipsec policies set mode <TUNNEL | TRANSPORT> <PolicyName>
TUNNEL, TRANSPORT Encapsulation method required for the connection. The default is TUNNEL.
PolicyName Name of the IPsec policy to which the encapsulation mode parameter value is added. To see the policy names, use the ike ipsec policies list command.
Example: ike ipsec policies set mode transport rtr2rtrpolicy

IKE IPSEC POLICIES SET PEER
Defines a peer filtering parameter value for the policy. The peer parameter specifies an IKE peer that may be used for the connection. (The peer must have been defined by IKE peer commands; see IKE Peer Commands, on page 139.)
ike ipsec policies set peer <PeerName> <PolicyName>
PeerName Name of an IKE peer. To see the IKE peer names, use the ike peers list command.
PolicyName Name of the IPsec policy to which the peer parameter value is added. To see the policy names, use the ike ipsec policies list command.
Example: ike ipsec policies set peer my_aggressive_peer mypolicy

IKE IPSEC POLICIES SET PFS
Defines the pfs filtering parameter value for the policy. The pfs parameter specifies the Perfect Forward Secrecy negotiation used for the connection.
If you specify 1 or 2, Perfect Forward Secrecy is performed using the specified Diffie-Hellman group (1 or 2). If you specify none, then Perfect Forward Secrecy is not required for this connection and no Diffie-Hellman group is used to encrypt the keys during rekey. To read more about PFS, see IKE Management, on page 136.
ike ipsec policies set pfs <1 | 2 | none > <PolicyName>
1 Use Diffie-Hellman group 1 for the Perfect Forward Secrecy negotiation.
2 Use Diffie-Hellman group 2 for the Perfect Forward Secrecy negotiation.
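
The following Python script is an added example, not part of the original reference or the vendor's tooling: it reads a saved list of the set mode, set peer and set pfs commands documented above, works out each policy's effective settings, and reports policies whose PFS setting a reviewer should look at. The sample input is constructed, the 2048-bit threshold is an assumed local policy, and the rule that a later command replaces an earlier value is an assumption about the device.

```python
import re

# Syntax of the three commands as documented on this page.
SET_RE = re.compile(
    r"^\s*ike\s+ipsec\s+policies\s+set\s+(mode|peer|pfs)\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE)
# Modulus sizes of IKE Diffie-Hellman groups 1 and 2 (RFC 2409).
DH_BITS = {"1": 768, "2": 1024}

# Constructed sample input, reusing the policy and peer names from the examples.
SAMPLE = """\
ike ipsec policies set mode transport rtr2rtrpolicy
ike ipsec policies set peer my_aggressive_peer mypolicy
ike ipsec policies set pfs 1 mypolicy
ike ipsec policies set pfs 2 mypolicy
ike ipsec policies set pfs none rtr2rtrpolicy
"""

def effective_policies(config_text):
    """Return {policy: {mode, peer, pfs}} after applying each set command in order."""
    policies = {}
    for line in config_text.splitlines():
        m = SET_RE.match(line)
        if not m:
            continue  # any other command is outside this example's scope
        param, value, name = m.group(1).lower(), m.group(2), m.group(3)
        # The reference states that tunnel mode is assumed when no mode is set.
        pol = policies.setdefault(name, {"mode": "tunnel", "peer": None, "pfs": None})
        # Assumption: a later command replaces the value set by an earlier one.
        pol[param] = value if param == "peer" else value.lower()
    return policies

def audit(config_text, min_dh_bits=2048):
    """Return sorted (policy, finding) pairs; min_dh_bits is an assumed local policy."""
    findings = []
    for name, pol in effective_policies(config_text).items():
        pfs = pol["pfs"]
        if pfs is None:
            findings.append((name, "pfs not set explicitly"))
        elif pfs == "none":
            findings.append((name, "pfs none: no Diffie-Hellman exchange on rekey"))
        elif pfs not in DH_BITS:
            findings.append((name, f"pfs value {pfs!r} is not 1, 2 or none"))
        elif DH_BITS[pfs] < min_dh_bits:
            findings.append((name, f"pfs group {pfs}: {DH_BITS[pfs]}-bit modulus < {min_dh_bits}"))
    return sorted(findings)

if __name__ == "__main__":
    for policy, finding in audit(SAMPLE):
        print(f"{policy}: {finding}")
```

Only policies named in one of these three commands are seen; a policy that never has its mode, peer or pfs set does not appear in the result.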