Ipsec Sa Commands (Except Manual Keys) - ZyXEL Communications UAG Series Reference Manual

40.2.2 IPSec SA Commands (except Manual Keys)

This table lists the commands for IPSec SAs, excluding manual keys (VPN connections using VPN
gateways).
Table 122 crypto Commands: IPSec SAs

COMMAND
      DESCRIPTION

[no] crypto ignore-df-bit
      Fragment packets larger than the MTU (Maximum Transmission Unit) that
      have the "don't fragment" bit in the header turned on. The no command
      has the UAG drop packets larger than the MTU that have the
      "don't fragment" bit in the header turned on.

show crypto map [map_name]
      Shows the specified IPSec SA or all IPSec SAs.

crypto map dial map_name
      Dials the specified IPSec SA manually. This command does not work for
      IPSec SAs using manual keys or for IPSec SAs where the remote gateway
      address is 0.0.0.0.

[no] crypto map map_name
      Creates the specified IPSec SA if necessary and enters sub-command
      mode. The no command deletes the specified IPSec SA.

  activate
  deactivate
      Activates or deactivates the specified IPSec SA.

  adjust-mss {auto | <200..1500>}
      Set a specific number of bytes for the Maximum Segment Size (MSS),
      meaning the largest amount of data in a single TCP segment or IP
      datagram for this VPN connection, or use auto to have the UAG
      automatically set it.

  ipsec-isakmp policy_name
      Specifies the IKE SA for this IPSec SA and disables manual key.

  encapsulation {tunnel | transport}
      Sets the encapsulation mode.

  transform-set crypto_algo_esp [crypto_algo_esp [crypto_algo_esp]]
      Sets the active protocol to ESP and sets the encryption and
      authentication algorithms for each proposal.
      crypto_algo_esp: esp-null-md5 | esp-null-sha | esp-null-sha256 |
      esp-null-sha512 | esp-des-md5 | esp-des-sha | esp-des-sha256 |
      esp-des-sha512 | esp-3des-md5 | esp-3des-sha | esp-3des-sha256 |
      esp-3des-sha512 | esp-aes128-md5 | esp-aes128-sha |
      esp-aes128-sha256 | esp-aes128-sha512 | esp-aes192-md5 |
      esp-aes192-sha | esp-aes192-sha256 | esp-aes192-sha512 |
      esp-aes256-md5 | esp-aes256-sha | esp-aes256-sha256 |
      esp-aes256-sha512

  transform-set crypto_algo_ah [crypto_algo_ah [crypto_algo_ah]]
      Sets the active protocol to AH and sets the encryption and
      authentication algorithms for each proposal.
      crypto_algo_ah: ah-md5 | ah-sha | ah-sha256 | ah-sha512

  scenario {site-to-site-static | site-to-site-dynamic | remote-access-server | remote-access-client}
      Select the scenario that best describes your intended VPN connection.
      Site-to-site: The remote IPSec router has a static IP address or a
      domain name. This UAG can initiate the VPN tunnel.
      site-to-site-dynamic: The remote IPSec router has a dynamic IP
      address. Only the remote IPSec router can initiate the VPN tunnel.
      remote-access-server: Allow incoming connections from IPSec VPN
      clients. The clients have dynamic IP addresses and are also known as
      dial-in users. Only the clients can initiate the VPN tunnel.
      remote-access-client: Choose this to connect to an IPSec server. This
      UAG is the client (dial-in user) and can initiate the VPN tunnel.

UAG CLI Reference Guide
Chapter 40 IPSec VPN
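
The transform-set values in Table 122 lend themselves to an automated configuration review. The following is an added example, not part of the ZyXEL manual: it walks a saved configuration and reports proposals that use no encryption, DES, 3DES, MD5, SHA-1 or AH alone. The weak/legacy classification, the function name audit and the sample configuration are assumptions of this example; the script also assumes the saved configuration stores the commands in the form the table lists.

```python
import re

# Token grammar taken from Table 122: esp-<cipher>-<hash> or ah-<hash>.
TOKEN = re.compile(
    r"^(?:esp-(null|des|3des|aes128|aes192|aes256)|ah)-(md5|sha|sha256|sha512)$")

# Classification is this example's assumption, not the manual's.
WEAK_CIPHER = {"null": "no encryption", "des": "56-bit DES", "3des": "legacy 3DES"}
WEAK_HASH = {"md5": "MD5 integrity", "sha": "SHA-1 integrity (legacy)"}

# Constructed sample configuration (map and policy names are hypothetical).
SAMPLE = """\
crypto map HQ_TUNNEL
 ipsec-isakmp HQ_GW
 encapsulation tunnel
 transform-set esp-aes256-sha256 esp-3des-md5
crypto map LEGACY
 transform-set esp-null-sha512
crypto map AUTH_ONLY
 transform-set ah-sha256
"""

def audit(config_text):
    """Return (map_name, token, [reasons]) for each weak or unknown proposal."""
    findings, current = [], None
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:2] == ["crypto", "map"] and len(words) == 3:
            current = words[2]                 # entering sub-command mode
        elif words[:1] == ["transform-set"]:
            for tok in words[1:]:
                m = TOKEN.match(tok)
                if not m:
                    findings.append((current, tok, ["not in Table 122"]))
                    continue
                cipher, digest = m.groups()    # cipher is None for AH tokens
                reasons = []
                if tok.startswith("ah-"):
                    reasons.append("AH only: payload not encrypted")
                if cipher in WEAK_CIPHER:
                    reasons.append(WEAK_CIPHER[cipher])
                if digest in WEAK_HASH:
                    reasons.append(WEAK_HASH[digest])
                if reasons:
                    findings.append((current, tok, reasons))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A map with several proposals is reported once per weak token, because the peer may select any proposal the UAG offers.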
