User guide
126 Chapter 4. Configuring Special Features
Note: The following three commands determine the encapsulation method (AH or ESP) used and the
authentication and/or encryption performed. You cannot request both AH and ESP encapsulation in the same
proposal. You can request any one of the following: AH authentication, ESP encryption, ESP authentication, or
ESP encryption and authentication.
ike ipsec proposals set espenc <DES | 3DES | NULL | NONE> <ProposalName>
Determines whether ESP encryption is requested and, if it is requested, the encryption method used.
DES   Use ESP encapsulation and 56-bit encryption
3DES  Use ESP encapsulation and 168-bit encryption (if 3DES is enabled in the router; see Software Option Keys, page 99.)
NULL  No encryption, but use ESP encapsulation. Headers are inserted as though the data was encrypted. This allows verification of the source, but sends the data in the clear, increasing throughput.
NONE  No encryption and no ESP encapsulation. (If you select this option, the encapsulation method must be requested by a set espauth or set ahauth command.)
ike ipsec proposals set espauth <MD5 | SHA1 | NONE> <ProposalName>
Determines whether ESP message authentication is requested and, if it is requested, the hash algorithm
used.
MD5   Use ESP encapsulation and authenticate using hash algorithm Message Digest 5.
SHA1  Use ESP encapsulation and authenticate using hash algorithm Secure Hash Algorithm-1.
NONE  No ESP encapsulation and no ESP message authentication. (If you select this option, the encapsulation method must be requested by a set espenc or set ahauth command.)
ike ipsec proposals set ahauth <MD5 | SHA1 | NONE> <ProposalName>
Determines whether AH message authentication is requested and, if it is requested, the hash algorithm
used.
Note: The proposal cannot request both AH encapsulation and ESP encapsulation.
MD5   Use AH encapsulation and authenticate using hash algorithm Message Digest 5.
SHA1  Use AH encapsulation and authenticate using hash algorithm Secure Hash Algorithm-1.
NONE  No AH encapsulation and no AH message authentication. (If you select this option, the encapsulation method must be requested by a set espenc or set espauth command.)
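The encapsulation rules for the three commands above, written as a small configuration check. This is an added example, not code from the guide or the router software; the proposal names and sample lines are constructed, and treating an option that was never set as NONE is an assumption, since the guide does not state the defaults.

```python
import re

# Allowed values, taken from the command syntax shown in this section.
ALLOWED = {
    "espenc": {"DES", "3DES", "NULL", "NONE"},
    "espauth": {"MD5", "SHA1", "NONE"},
    "ahauth": {"MD5", "SHA1", "NONE"},
}
CMD = re.compile(r"^ike ipsec proposals set (\w+) (\S+) (\S+)$")

def parse(config_text):
    """Return {proposal: {setting: value}} for the three encapsulation settings."""
    proposals = {}
    for line in config_text.splitlines():
        m = CMD.match(line.strip())
        if m and m.group(1) in ALLOWED:
            setting, value, name = m.groups()
            # Assumption: a setting that is never issued counts as NONE.
            entry = proposals.setdefault(name, {k: "NONE" for k in ALLOWED})
            entry[setting] = value.upper()
    return proposals

def check(settings):
    """Apply the rules from the Note and the NONE descriptions to one proposal."""
    findings = [f"error: {k} value {v} is not valid"
                for k, v in settings.items() if v not in ALLOWED[k]]
    esp = settings["espenc"] != "NONE" or settings["espauth"] != "NONE"
    ah = settings["ahauth"] != "NONE"
    if esp and ah:
        findings.append("error: proposal requests both AH and ESP encapsulation")
    if not esp and not ah:
        findings.append("error: no encapsulation method requested")
    if settings["espenc"] == "NULL":
        findings.append("warning: ESP NULL sends the data in the clear")
    return findings

def audit(config_text):
    return {name: check(s) for name, s in parse(config_text).items()}

# Constructed sample configuration (proposal names are hypothetical).
SAMPLE = """\
ike ipsec proposals set espenc 3DES office-vpn
ike ipsec proposals set espauth SHA1 office-vpn
ike ipsec proposals set espenc DES mixed
ike ipsec proposals set ahauth MD5 mixed
ike ipsec proposals set espenc NULL cleartext
ike ipsec proposals set espenc NONE empty
"""
if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or ["ok"])
```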
ike ipsec proposals set ipcomp <NONE | LZS> <ProposalName>
Proposes either no compression or LZS compression.
ike ipsec proposals set lifetime <seconds> <ProposalName>
Proposes the length of time (in seconds) before the IPSec SA expires; the recommended value is 86400
(24 hours). When the time limit expires, IKE renegotiates the connection.
ike ipsec proposals set lifedata <kbytes> <ProposalName>