Ipv4 Ipsec Sa Commands (Except Manual Keys) - ZyXEL Communications ZYWALL USG Series Reference Manual

Chapter 28 IPSec VPN
Table 101 isakmp Commands: IKE SAs (continued)

COMMAND
    DESCRIPTION

group1
group2
group5
group14
    Sets the DHx group to the specified group.

[no] natt
    Enables NAT traversal. The no command disables NAT traversal.

local-ip {ip {ip | domain_name} | interface interface_name}
    Sets the local gateway address to the specified IP address, domain name, or interface.

peer-ip {ip | domain_name} [ip | domain_name]
    Sets the remote gateway address(es) to the specified IP address(es) or domain name(s).

keystring pre_shared_key
    Sets the pre-shared key that can be used for authentication. The pre_shared_key can be:
    - 8 - 32 alphanumeric characters or ,;|`~!@#$%^&*()_+\{}':./<>=-".
    - 16 - 64 hexadecimal (0-9, A-F) characters, preceded by "0x".
    The pre-shared key is case-sensitive.

local-id type {ip ip | fqdn domain_name | mail e_mail | dn distinguished_name}
    Sets the local ID type and content to the specified IP address, domain name, or e-mail address.

peer-id type {any | ip ip | fqdn domain_name | mail e_mail | dn distinguished_name}
    Sets the peer ID type and content to any value, the specified IP address, domain name, or e-mail address.

[no] xauth type {server auth_method | client name username password password}
    Enables extended authentication and specifies whether the ZyWALL / USG is the server or client. If the ZyWALL / USG is the server, it also specifies the extended authentication method (aaa authentication profile_name); if the ZyWALL / USG is the client, it also specifies the username and password to provide to the remote IPSec router. The no command disables extended authentication.
    username: You can use alphanumeric characters, underscores (_), and dashes (-), and it can be up to 31 characters long.
    password: You can use most printable ASCII characters. You cannot use square brackets [ ], double quotation marks ("), question marks (?), tabs or spaces. It can be up to 31 characters long.

isakmp policy rename policy_name policy_name
    Renames the specified IKE SA (first policy_name) to the specified name (second policy_name).

28.2.2 IPv4 IPSec SA Commands (except Manual Keys)

This table lists the commands for IPSec SAs, excluding manual keys (VPN connections using VPN gateways).

Table 102 crypto Commands: IPSec SAs

COMMAND
    DESCRIPTION

[no] crypto ignore-df-bit
    Fragment packets larger than the MTU (Maximum Transmission Unit) that have the "don't fragment" bit in the header turned on. The no command has the ZyWALL / USG drop packets larger than the MTU that have the "don't fragment" bit in the header turned on.

show crypto map [map_name]
    Shows the specified IPSec SA or all IPSec SAs.

ZyWALL / USG (ZLD) CLI Reference Guide
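An added example, not part of the ZyXEL manual: a Python helper that generates a random keystring in the hex form documented in Table 101 and checks keystring and xauth client values against the limits stated there before they are entered on the device. All function names are hypothetical, and it assumes the 16 - 64 hexadecimal count excludes the "0x" prefix.

```python
import re
import secrets
import string

# Text form: 8-32 characters, alphanumeric or one of the specials the page lists.
PSK_SPECIALS = ",;|`~!@#$%^&*()_+\\{}':./<>=-\""
PSK_TEXT_CHARS = set(string.ascii_letters + string.digits + PSK_SPECIALS)
# Hex form: "0x" then 16-64 characters from 0-9, A-F, as printed on the page.
# Assumption: the 16-64 count does not include the "0x" prefix.
PSK_HEX_RE = re.compile(r"0x[0-9A-F]{16,64}")
XAUTH_USER_RE = re.compile(r"[A-Za-z0-9_-]{1,31}")
# Only the exclusions the page lists; it says "most" printable ASCII is allowed.
XAUTH_PASS_FORBIDDEN = set('[]"? \t')


def classify_keystring(value):
    """Return 'hex', 'text', or None when the value fits neither documented form."""
    # Assumption: a value that fits both forms is treated as hex.
    if PSK_HEX_RE.fullmatch(value):
        return "hex"
    if 8 <= len(value) <= 32 and all(c in PSK_TEXT_CHARS for c in value):
        return "text"
    return None


def generate_hex_keystring(hex_digits=64):
    """Random hex-form keystring from the OS CSPRNG (64 digits = 256 bits)."""
    # The even-length requirement is this helper's own (whole bytes), not the page's.
    if not 16 <= hex_digits <= 64 or hex_digits % 2:
        raise ValueError("hex_digits must be an even number from 16 to 64")
    return "0x" + secrets.token_hex(hex_digits // 2).upper()


def xauth_credential_errors(username, password):
    """List the documented xauth client constraints the credentials violate."""
    errors = []
    if not XAUTH_USER_RE.fullmatch(username):
        errors.append("username: letters, digits, _ and - only, up to 31 characters")
    if not 1 <= len(password) <= 31:
        errors.append("password: up to 31 characters")
    if any(c in XAUTH_PASS_FORBIDDEN or not 33 <= ord(c) <= 126 for c in password):
        errors.append('password: printable ASCII without [ ] " ? tab or space')
    return errors


if __name__ == "__main__":
    print(generate_hex_keystring())  # value for the keystring command
    print(classify_keystring("Qw3rty!pass"), xauth_credential_errors("bad user", "pa ss?"))
```

The sample values in the `__main__` block are constructed for illustration.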
