User guide
Chapter 4. Configuring Special Features 125
ike peers set peeridtype <IPADDR | DOMAINNAME | EMAIL> <PeerName>
Sets the type of the peer ID (IP address, domain name, or e-mail address).This must match the local ID
type on the other end.
IKE Proposal Commands
The IKE proposal commands define the proposals exchanged during the Phase 1 SA.
ike proposals add <ProposalName> Defines the name of a new IKE proposal.
ike proposals delete <ProposalName> Deletes an existing IKE proposal.
ike proposals list Lists the IKE proposals.
The following commands specify the contents of the proposals exchanged.
ike proposals set session_auth <PRESHARE> <ProposalName>
Proposes the session authentication; preshared key is currently the only option.
ike proposals set encryption <DES | 3DES> <ProposalName>
Proposes the encryption method used, as follows:
DES 56-bit encryption
3DES 168-bit encryption
ike proposals set message_auth <NONE | MD5 | SHA1> <ProposalName>
Proposes the message authentication performed. It can propose no message authentication or
authentication using the hash algorithm Message Digest 5 (MD5) or Secure Hash Algorithm-1 (SHA1).
ike proposals set dh_group <NONE | 1 | 2 | 5> <ProposalName>
Proposes the Diffie-Hellman (DH) key generation group used (no group or group 1, 2, or 5).
ike proposals set lifetime <seconds> <ProposalName>
Proposes the length of time (in seconds) before the Phase 1 SA expires; the recommended value is 86400
(24 hours). When the time limit expires, IKE renegotiates the connection.
IKE IPSec Proposal Commands
The IKE IPSec proposal commands define the proposals exchanged to set up an IPSec SA, that is, an SA to be
used for the user data transfer.
ike ipsec proposals add <ProposalName> Defines the name of a new IKE IPSec proposal.
ike ipsec proposals delete <ProposalName> Deletes an existing IKE IPSec proposal.
ike ipsec proposals list Lists the IKE IPSec proposals.
The followings proposals set commands specify the contents of the proposals exchanged.