User guide

260 Chapter 5. Command Line Interface Reference

IKE PROPOSALS SET ENCRYPTION

Sets the IKE proposal parameter that requests ESP encryption and specifies the encryption method used. (See IKE

Proposal Commands, on page 125.)

ike proposals set encryption <DES | 3DES> <ProposalName>

One of the following:

DES Use DES (56-bit) encryption.

3DES Use 3DES (168-bit) encryption (if 3DES is enabled in the router; see Software Option Keys,

on page 99).

ProposalName Name of the IKE proposal to which the encryption parameter is added. To see the proposal

names in use, use the ike proposals list c ommand.

Example: ike proposals set encryption des my_ike_proposal

IKE PROPOSALS SET LIFETIME

Sets the IKE proposal parameter that specifies the length of time (in seconds) before the Phase 1 SA expires; the

recommended value is 86400 (24 hours). When the time limit expires, IKE renegotiates the connection. See IKE

Management, on page 121.

ike proposals set lifetime <seconds> <ProposalName>

seconds Maximum number of seconds before renegotiation; 0 means unlimited.

ProposalName Name of the IKE proposal to which the lifetime parameter is added. To see the proposal

names in use, use the ike proposals list command.

Example: ike proposals set lifetime 86400 my_ike_proposal

IKE PROPOSALS SET MESSAGE_AUTH

Sets the IKE proposal parameter that specifies the message authentication done. It can propose no message

authentication or authentication using the hash algorithm Message Digest 5 (MD5) or Secure Hash Algorithm-1

(SHA1).

ike proposals set message_auth <NONE | MD5 | SHA1> <ProposalName>

One of the following:

NONE No authentication.

MD5 Authenticate using the MD5 algorithm.

SHA1 Authenticate using the SHA1 algorithm.

ProposalName Name of the IKE proposal to which the message authentication parameter is added. To see

the proposal names in use, use the ike proposals list command.

Example: ike proposals set message_auth md5 my_ike_proposal