Siemens RUGGEDCOM ROX II User Manual page 503

RUGGEDCOM ROX II
CLI User Guide
Chapter 5
Setup and Configuration
Adding a Connection

Parameter: pfs { pfs }
Description:
    Synopsis: { default, yes, no }
    Default: default
    Enables/disables Perfect Forward Secrecy (PFS). When enabled, IPsec negotiates new keys for each session. If an attacker compromises a key, only the session protected by the key is revealed. Not all clients support PFS. The default value is 'yes' unless overwritten by the default connection setting.

Parameter: keylife { keylife }
Description:
    Synopsis: { default } or an integer between 1081 and 31104000
    Default: default
    The lifetime in seconds for the Security Association (SA) key. This determines how long a particular instance of a connection should last, from successful negotiation to expiry. Normally, the connection is renegotiated before it expires. The default value is 28800 unless overwritten by the default connection setting. Peers can specify different lifetime intervals. However, if peers do not agree, an excess of superseded connections will occur on the peer that believes the SA lifetime is longer.

Parameter: ike-lifetime { ike-lifetime }
Description:
    Synopsis: { default } or an integer between 60 and 86400
    Default: default
    The lifetime in seconds for the IKE protocol. This determines how long the IKE keying channel of a connection should last before being renegotiated. The default value is 3600 unless overwritten by the default connection setting. Peers can specify different lifetime intervals. However, if peers do not agree, an excess of superseded connections will occur on the peer that believes the IKE lifetime is longer.

Parameter: l2tp
Description:
    Synopsis: typeless
    Enables/disables L2TP for this connection.

Parameter: monitor-interface { monitor-interface }
Description:
    The interface to monitor. If the selected interface goes down and then up, this connection will be restarted.

4. If required, enable and configure dead peer detection. For more information, refer to Section 5.29.6.3, "Configuring Dead Peer Detection".
5. If required, configure the Internet Key Exchange (IKE) protocol by adding one or more algorithms. For more information, refer to Section 5.29.7.2, "Adding an IKE Algorithm".
6. If required, configure Encapsulated Security Payload (ESP) encryption for the connection. For more information, refer to Section 5.29.8, "Managing the Encapsulated Security Payload (ESP) Protocol".
7. If required, configure the left (local router) and right (remote router) ends of the connection. For more information, refer to Section 5.29.9, "Configuring the Connection Ends".
8. If required, configure L2TP tunnels. For more information, refer to Section 5.31.2, "Configuring L2TP Tunnels".
9. If certificates and keys are required, make sure they are configured on the device. For more information, refer to Section 5.29.3, "Configuring Certificates and Keys".
10. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
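The following check is an added example, not part of the Siemens manual or of ROX II: it audits the pfs, keylife and ike-lifetime values of two peers against the ranges and defaults in the parameter descriptions above, and reports which peer would accumulate superseded connections. The function names and the dictionary layout are hypothetical, and "default" is assumed to resolve to the documented value (no override from the default connection setting).

```python
# Added example: audit two peers' IPsec connection settings against the
# ranges and defaults stated in the parameter descriptions above.
# Assumption: "default" resolves to the documented value, i.e. the default
# connection setting does not override it.
LIMITS = {  # parameter: (min, max, documented default), all in seconds
    "keylife": (1081, 31104000, 28800),
    "ike-lifetime": (60, 86400, 3600),
}

def resolve(param, value):
    """Return the effective lifetime in seconds, or raise ValueError."""
    low, high, default = LIMITS[param]
    if value == "default":
        return default
    seconds = int(value)
    if not low <= seconds <= high:
        raise ValueError(f"{param}={seconds} outside {low}..{high}")
    return seconds

def audit(local, remote):
    """Compare two peers' settings (dicts of CLI values) and list findings."""
    findings = []
    for param in LIMITS:
        try:
            mine = resolve(param, local.get(param, "default"))
            theirs = resolve(param, remote.get(param, "default"))
        except ValueError as err:
            findings.append(f"invalid: {err}")
            continue
        if mine != theirs:
            # The peer that believes the lifetime is longer keeps the
            # superseded connections.
            longer = "local" if mine > theirs else "remote"
            findings.append(f"{param} mismatch ({mine} vs {theirs}): "
                            f"superseded connections accumulate on {longer}")
    for side, cfg in (("local", local), ("remote", remote)):
        # pfs "default" means "yes" per the description; flag explicit "no".
        if cfg.get("pfs", "default") == "no":
            findings.append(f"pfs disabled on {side}: a key compromise "
                            "is not limited to one session")
    return findings

# Constructed sample settings, not taken from a real device.
LOCAL = {"pfs": "default", "keylife": "28800", "ike-lifetime": "default"}
REMOTE = {"pfs": "no", "keylife": "86400", "ike-lifetime": "30"}

if __name__ == "__main__":
    for line in audit(LOCAL, REMOTE):
        print(line)
```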

This manual is also suitable for: Rx1500, Rx1512, Rx1501, Rx1510, Rx1511
