Netopia CLI 874 Cli Reference Manual page 175

Motorola Netopia® Router Connection Profile Commands 3-31
cp { name | index } ipsec dead-peer-detection ping-reply-timeout 1..65535
show cp { name | index } ipsec dead-peer-detection ping-reply-timeout
Note:
These commands are supported beginning with firmware version 8.2
These commands allow you to specify or show the maximum period of time (in seconds) an IPsec tunnel
endpoint will wait for the peer's response to its earliest ping request. If the peer does not respond within this
period, it is deemed to be a dead peer tunnel. Default is 90 seconds.
cp { name | index } ipsec idle-timeout { non-negative-integer | none }
show cp { name | index } ipsec idle-timeout
no cp { name | index } ipsec idle-timeout
These commands set or display the idle timeout associated with the specified IPSec connection profile. If the
IPSec key-manager associated with the connection profile is manual, then the idle-timeout value is meaningful
only if the remote sg is 0.0.0.0 or the empty string. In that case, the idle-timeout value specifies the period in
seconds during which the SPI (or SPIs) are bound to a particular remote peer in the absence of outbound traffic
through the IPSec tunnel. The value zero (or the keyword none) causes the SPI (or SPIs) to be permanently
bound to the first remote peer that sends traffic through the tunnel using the SPI (or SPIs). If the IPSec
key-manager associated with the connection profile is ike, then the idle-timeout value specifies the period prior
to SA expiration during which there must be at least one outbound packet through the IPSec tunnel for a re-key
to be performed one second prior to SA expiration. The value zero (or the keyword none) indicates that a re-key
should always be performed one second prior to SA expiration even if there has been no outbound traffic
through the tunnel.
cp { name | index } ipsec key-manager { manual | ike }
show cp { name | index } ipsec key-manager
These commands set or display the IPSec key manager associated with the specified connection profile.
cp { name | index } ipsec ike phase1 { name | index | none }
show cp { name | index } ipsec ike phase1
no cp { name | index } ipsec ike phase1
These commands set, display, or disable the IKE Phase1 profile associated with the specified connection
profile. The IKE Phase1 profile may be specified either by index or by name.
cp { name | index } ipsec pfs { yes | no }
show cp { name | index } ipsec pfs
no cp { name | index } ipsec pfs
These commands set, display, or change the Phase 2 perfect forward secrecy setting for the specified IPsec
Phase 2 profile.