Table of Contents
Advertisement
4.5.4 Set the Connection Security Descriptor
modify command
Example
E-DOC-CTC-20051017-0169 v0.1
Parameters
ipsec connection descriptor modify
The
the connection descriptor parameters.
The Descriptors must match at both tunnel ends in order to have a
successful outcome of the Phase 2 negotiation.
In this example, the parameters of the previously defined Connection Security
Descriptor cnctdes1 are set to the following values:
crypto = AES
key length = 128
integrity = HMAC-MD5
Perfect Forward Secrecy = disabled
lifetime secs = 3600
lifetime kbytes = 10000
Encapsulation mode = tunnel mode
[ipsec connection descriptor]=>modify
name = cnctdes1
[crypto] =
DES
3DES
AES
NULL
[crypto] = AES
keylen =
128
keylen = 128
[integrity] =
HMAC-MD5
HMAC-SHA1
[integrity] = HMAC-MD5
[pfs] = disabled
[lifetime_secs] = 3600
[lifetime_kbytes] = 10000
[encapsulation] = tunnel
:ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=128
integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000
[ipsec connection descriptor]=>
The parameters of the pre-defined descriptors can also be changed with the
modify command. Use this feature for example if you want to change the
lifetime parameter only.
The descriptors must match at both peers in order to have a successful
outcome of the Phase 2 negotiation.
Configuration via the Command Line Interface
command sets or modifies
192
Chapter 4
256
133
Advertisement
Table of Contents
