Manualshelf

User guide

ManualsBrandsEfficient Networks ManualsComputer equipmentRouter family Command line interface
251252253254255256257258259260
254 Chapter 5. Command Line Interface Reference
ProposalName Name of the IPsec proposal to which the ESP authentication parameter is added. To see the
proposal names in use, use the ike ipsec proposals list command.
Example: ike ipsec proposals set espauth sha1 myproposal
IKE IPSEC PROPOSALS SET ESPENC
Sets the proposal parameter that determines whether ESP encryption is requested and, if it is requested, the
encryption method used.
For more information, see ESP and AH Security Protocols, on page 120 or IKE IPSec Proposal Commands, on
page 125.
ike ipsec proposals set espenc <DES | 3DES | NULL | NONE> <ProposalName>
One of the following:
DES Use ESP encapsulation and 56-bit encryption
3DES Use ESP encapsulation and 168-bit encryption (if 3DES is enabled in the router; see Soft-
ware Option Keys, on page 99.)
NULL No encryption, but use ESP encapsulation. Headers are inserted as though the data was
encrypted. This allows veriÞcation of the source, but sends the data in the clear, increasing
throughput.
NONE No encryption and no ESP encapsulation. (If you select this option, the encapsulation
method must be requested by a set espauth or set ahauth command.)
ProposalName Name of the IPsec proposal to which the ESP encryption parameter is added. To see the
proposal names in use, use the ike ipsec proposals list command.
Example: ike ipsec proposals set espenc 3des myproposal
IKE IPSEC PROPOSALS SET IPCOMP
Sets the proposal parameter that requests either no compression or LZS compression. For more information, see
IKE IPSec Proposal Commands, on page 125.
ike ipsec proposals set ipcomp <NONE | LZS> <ProposalName>
One of the following:
NONE No compression.
LZS Compress using the LZS algorithm.
ProposalName Name of the IPsec proposal to which the IP compression parameter is added. To see the
proposal names in use, use the ike ipsec proposals list command.
Example: ike ipsec proposals set ipcomp none myproposal
IKE IPSEC PROPOSALS SET LIFEDATA
Sets the proposal parameter that specifies the maximum number of kilobytes for the IPSec SA; 0 means unlimited.
After the maximum data is transferred, IKE renegotiates the connection. By limiting the amount of data that can
be transferred, you reduce the likelihood of the key being broken.