IPSec SA Commands (Except Manual Keys) - ZyXEL Communications ZyWALL Reference Manual

Chapter 17 IPSec VPN
Table 71 isakmp Commands: IKE SAs (continued)

COMMAND
    DESCRIPTION

group1
group2
group5
    Sets the DHx group to the specified group.

[no] natt
    Enables NAT traversal. The no command disables NAT traversal.

local-ip {ip {ip | domain_name} | interface interface_name}
    Sets the local gateway address to the specified IP address, domain
    name, or interface.

peer-ip {ip | domain_name} [ip | domain_name]
    Sets the remote gateway address(es) to the specified IP
    address(es) or domain name(s).

keystring pre_shared_key
    Sets the pre-shared key that can be used for authentication. The
    pre_shared_key can be:
        8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
        16 - 64 hexadecimal (0-9, A-F) characters, preceded by "0x".
    The pre-shared key is case-sensitive.

local-id type {ip ip | fqdn domain_name | mail e_mail | dn distinguished_name}
    Sets the local ID type and content to the specified IP address,
    domain name, or e-mail address.

peer-id type {any | ip ip | fqdn domain_name | mail e_mail | dn distinguished_name}
    Sets the peer ID type and content to any value, the specified IP
    address, domain name, or e-mail address.

[no] xauth type {server xauth_method | client name username password password}
    Enables extended authentication and specifies whether the ZyWALL
    is the server or client. If the ZyWALL is the server, it also specifies
    the extended authentication method (aaa authentication
    profile_name); if the ZyWALL is the client, it also specifies the
    username and password to provide to the remote IPSec router. The
    no command disables extended authentication.
    username: You can use alphanumeric characters, underscores (_),
    and dashes (-), and it can be up to 31 characters long.
    password: You can use most printable ASCII characters. You cannot
    use square brackets [ ], double quotation marks ("), question marks
    (?), tabs or spaces. It can be up to 31 characters long.

isakmp policy rename policy_name policy_name
    Renames the specified IKE SA (first policy_name) to the specified
    name (second policy_name).

17.2.2 IPSec SA Commands (except Manual Keys)

This table lists the commands for IPSec SAs, excluding manual keys (VPN connections using VPN
gateways).

Table 72 crypto Commands: IPSec SAs

COMMAND
    DESCRIPTION

[no] crypto ignore-df-bit
    Fragment packets larger than the MTU (Maximum Transmission
    Unit) that have the "don't fragment" bit in the header turned on.
    The no command has the ZyWALL drop packets larger than the
    MTU that have the "don't fragment" bit in the header turned on.

show crypto map [map_name]
    Shows the specified IPSec SA or all IPSec SAs.

crypto map dial map_name
    Dials the specified IPSec SA manually. This command does not
    work for IPSec SAs using manual keys or for IPSec SAs where the
    remote gateway address is 0.0.0.0.

[no] crypto map map_name
    Creates the specified IPSec SA if necessary and enters sub-
    command mode. The no command deletes the specified IPSec SA.
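
A checker for the keystring and xauth client value formats given in Table 71, as an added example that is not ZyXEL's code or part of the original manual. The function names, the sample configuration lines, the reading that the 16 - 64 count excludes the "0x" prefix, the acceptance of lowercase hex digits, and the exact password character set are assumptions.

```python
import re

# Character sets transcribed from the keystring and xauth rows of Table 71.
PSK_SPECIALS = ",;|`~!@#$%^&*()_+\\{}':./<>=-\""
PSK_TEXT = re.compile("[A-Za-z0-9" + re.escape(PSK_SPECIALS) + "]{8,32}")
# Assumptions: the 16-64 count excludes the "0x" prefix; a-f is accepted too.
PSK_HEX = re.compile("0x[0-9A-Fa-f]{16,64}")
XAUTH_USER = re.compile(r"[A-Za-z0-9_-]{1,31}")
# Assumption: "most printable ASCII" means 0x21-0x7E minus [ ] " ?
XAUTH_PASS = re.compile(r"[!#->@-Z\\^-~]{1,31}")

# Constructed sample lines, not taken from a real device.
SAMPLE = """\
keystring Corr3ct;Horse_Battery
keystring 0x00112233445566778899AABBCCDDEEFF
keystring 0x1A2B3C4D
keystring short
keystring has[bracket]key
xauth type client name vpn-user1 password p@ss?word
"""

def classify_keystring(key):
    """Return 'hex', 'text' or 'invalid' for one keystring value."""
    if PSK_HEX.fullmatch(key):
        return "hex"
    return "text" if PSK_TEXT.fullmatch(key) else "invalid"

def audit(config):
    """Return (line_number, message) findings for keystring/xauth lines."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        w = line.split()
        if w[:1] == ["keystring"]:
            kind = classify_keystring(w[1]) if len(w) == 2 else "invalid"
            if kind == "invalid":
                findings.append((no, "keystring fits neither documented form"))
            elif kind == "text" and re.fullmatch("0x[0-9A-Fa-f]+", w[1]):
                findings.append((no, "0x key below hex length; only valid as text"))
        elif w[:4] == ["xauth", "type", "client", "name"] and len(w) == 7:
            if not XAUTH_USER.fullmatch(w[4]):
                findings.append((no, "xauth username outside documented set"))
            if w[5] != "password" or not XAUTH_PASS.fullmatch(w[6]):
                findings.append((no, "xauth password outside documented set"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

The third sample line shows the overlap between the two documented forms: a "0x" value with fewer than 16 hex digits still satisfies the 8 - 32 character rule, so it is worth flagging during a configuration review.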
ZyWALL (ZLD) CLI Reference Guide

This manual is also suitable for:

Zywall zld series