Table of Contents
Advertisement
IPSec Commands
EXAMPLES:
Example of a Phase 1 ISAKMP security descriptor:
=>ipsec descriptor add
name=DESC_Test
phase=IKE
value=IDENTITY AES MD5 DHGROUP 2 MINUTES 300 or 3DES SHA1 DHGROUP 2 MINUTES 300
=>
Example of a Phase 2 IPSec security descriptor:
=>ipsec descriptor add
name=DESC_Test1
phase=IPSEC
value=ESP AES HMAC MD5 MINUTES 300
=>
Example of a Phase 2 IPSec security descriptor with several OR statements:
=>ipsec descriptor add
name=DESC_Test2
phase=IPSEC
value=ESP DES HMAC MD5 MINUTES 3600
or ESP DES HMAC SHA1 MINUTES 3600
or ESP AES HMAC MD5 MINUTES 3600
=>
Example of a Phase 2 IPSec security descriptor with mixed AND and OR statements:
=>ipsec descriptor add
name=DESC_Test3
phase=IPSEC
value=ESP DES
and AH HMAC SHA1
or ESP DES
and AH HMAC SHA1
and IPCOMP LZS
=>
The example above shows the priority of AND above OR: the descriptor specifies the use of ESP DES and
Note
AH HMAC SHA1, either with or without LZS, but preferably without.
Example showing the default Phase 1 and Phase 2 security descriptors:
=>ipsec descriptor list
def_ike
(IKE)
: "identity 3des sha1 minutes 60 dhgroup 1"
def_auth
(IPSEC) : "esp null hmac md5 minutes 1440"
def_encrypt(IPSEC) : "esp aes hmac md5 minutes 60 or esp 3des hmac md5 minutes 60"
=>
RELATED COMMANDS:
ipsec descriptor delete
ipsec descriptor list
278
Delete a security descriptor.
Show a list of available security descriptors.
E-DOC-CTC-20040216-0002 v1.0
- Quick Links:
- Accessing the Command Line Interface
Hide quick links:
Advertisement
Table of Contents
