Ipsec Sa Commands (Except Manual Keys) - ZyXEL Communications UAG Series Cli Reference Manual

Unified access gateway

Chapter 19 IPSec VPN
Table 68 isakmp Commands: IKE SAs (continued)

COMMAND
    DESCRIPTION

group1
group2
group5
    Sets the DHx group to the specified group.

[no] natt
    Enables NAT traversal. The no command disables NAT traversal.

local-ip {ip {ip | domain_name} | interface interface_name}
    Sets the local gateway address to the specified IP address, domain name, or interface.

peer-ip {ip | domain_name} [ip | domain_name]
    Sets the remote gateway address(es) to the specified IP address(es) or domain name(s).

keystring pre_shared_key
    Sets the pre-shared key that can be used for authentication. The pre_shared_key can be:
    - 8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
    - 16 - 64 hexadecimal (0-9, A-F) characters, preceded by "0x".
    The pre-shared key is case-sensitive.

local-id type {ip ip | fqdn domain_name | mail e_mail | dn distinguished_name}
    Sets the local ID type and content to the specified IP address, domain name, or e-mail address.

peer-id type {any | ip ip | fqdn domain_name | mail e_mail | dn distinguished_name}
    Sets the peer ID type and content to any value, the specified IP address, domain name, or e-mail address.

[no] xauth type {server xauth_method | client name username password password}
    Enables extended authentication and specifies whether the UAG is the server or client. If the UAG is the server, it also specifies the extended authentication method (aaa authentication profile_name); if the UAG is the client, it also specifies the username and password to provide to the remote IPSec router. The no command disables extended authentication.
    username: You can use alphanumeric characters, underscores (_), and dashes (-), and it can be up to 31 characters long.
    password: You can use most printable ASCII characters. You cannot use square brackets [ ], double quotation marks ("), question marks (?), tabs or spaces. It can be up to 31 characters long.

isakmp policy rename policy_name policy_name
    Renames the specified IKE SA (first policy_name) to the specified name (second policy_name).

19.2.2 IPSec SA Commands (except Manual Keys)

This table lists the commands for IPSec SAs, excluding manual keys (VPN connections using VPN gateways).

Table 69 crypto Commands: IPSec SAs

COMMAND
    DESCRIPTION

[no] crypto ignore-df-bit
    Fragment packets larger than the MTU (Maximum Transmission Unit) that have the "don't fragment" bit in the header turned on. The no command has the UAG drop packets larger than the MTU that have the "don't fragment" bit in the header turned on.

show crypto map [map_name]
    Shows the specified IPSec SA or all IPSec SAs.

crypto map dial map_name
    Dials the specified IPSec SA manually. This command does not work for IPSec SAs using manual keys or for IPSec SAs where the remote gateway address is 0.0.0.0.

[no] crypto map map_name
    Creates the specified IPSec SA if necessary and enters sub-command mode. The no command deletes the specified IPSec SA.
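
The format rules in the keystring and xauth rows of Table 68 can be checked before a value is pushed to a UAG, and a key can be generated at the longest documented length. The Python below is an added example, not ZyXEL code or part of the manual; the function names are hypothetical. It assumes the 16 - 64 count covers the hex digits only (not the "0x" prefix), that hex digits are uppercase as documented, and that xauth fields need at least one character.

```python
import re
import secrets
import string

# Symbols the manual lists for the ASCII form of pre_shared_key.
PSK_SYMBOLS = ",;|`~!@#$%^&*()_+\\{}':./<>=-\""
PSK_ASCII = set(string.ascii_letters + string.digits + PSK_SYMBOLS)
HEX_BODY = re.compile(r"[0-9A-F]{16,64}")        # documented as 0-9, A-F
XAUTH_USER = re.compile(r"[A-Za-z0-9_-]{1,31}")  # minimum of 1 is an assumption
XAUTH_PW_BANNED = set('[]"? \t')


def classify_psk(value):
    """Return 'hex', 'ascii', or None if the value fits neither documented form."""
    # Assumptions: the 16-64 count excludes the "0x" prefix, and a value that
    # fits both forms is treated as hex.
    if value.startswith("0x") and HEX_BODY.fullmatch(value[2:]):
        return "hex"
    if 8 <= len(value) <= 32 and set(value) <= PSK_ASCII:
        return "ascii"
    return None


def generate_hex_psk(hex_digits=64):
    """Random key in the documented hex form; 64 digits carry 256 bits."""
    if not 16 <= hex_digits <= 64 or hex_digits % 2:
        raise ValueError("hex_digits must be an even number from 16 to 64")
    return "0x" + secrets.token_hex(hex_digits // 2).upper()


def xauth_problems(username, password):
    """List the documented xauth client constraints that the pair violates."""
    problems = []
    if not XAUTH_USER.fullmatch(username):
        problems.append("username: 1-31 of letters, digits, '_' or '-'")
    if not 1 <= len(password) <= 31:
        problems.append("password: up to 31 characters")
    if XAUTH_PW_BANNED & set(password) or not all(33 <= ord(c) <= 126 for c in password):
        problems.append("password: printable ASCII without [ ] \" ? tab or space")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any device.
    for candidate in ("short", "Corp-VPN_2024!", "0x0123456789ABCDEF", generate_hex_psk()):
        print(repr(candidate), "->", classify_psk(candidate))
    print(xauth_problems("branch-01", "p@ss word?"))
```
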
UAG CLI Reference Guide
