User guide
227
CONFIG Commands
set security ipsec tunnels name "123" dest-int-network
ip-address
Specifies the IP address of the destination computer or internal network.
set security ipsec tunnels name "123" dest-int-netmask
netmask
Specifies the subnet mask of the destination computer or internal network. The subnet
mask specifies which bits of the 32-bit IP address represents network information. The
default subnet mask for most networks is 255.255.255.0 (class C subnet mask).
Parameter Description
The following table describes parameters used for an IPSec VPN tunnel configuration:
Auth Protocol Authentication Protocol for IP packet header. The three parameter values
are None, Encapsulating Security Payload (ESP) and Authentication
Header (AH)
DH Group Diffie-Hellman is a public key algorithm used between two systems to
determine and deliver secret keys used for encryption. Groups 1, 2 and 5
are supported.
Encrypt Protocol Encryption protocol for the tunnel session.
Parameter values supported include NONE or ESP.
Hard MBytes Setting the Hard MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard MByte value.
The value can be configured between 1 and 1,000,000 MB and refers to
data traffic passed.
Hard Seconds Setting the Hard Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard Seconds value. The
value can be configured between 60 and 1,000,000 seconds
Key Management The Key Management algorithm manages the exchange of security keys
in the IPSec protocol architecture.
IPSec VPN supports the standard Inter-
net Key Exchange (IKE)
Peer External IP
Address
The Peer External IP Address is the public, or routable IP address of the
remote gateway or VPN server you are establishing the tunnel with.
Peer Internal IP
Network
The Peer Internal IP Network is the private, or Local Area Network (LAN)
address of the remote gateway or VPN Server you are communicating
with.