Ike - Ericsson HL950 Administrator's Manual

Multi service edge device

Multi Service Edge Device HL950
Administrator's Guide
PADJ<NUM>: Adjacent policy number to add before or after. This is required in conjunction
with the MOVE command or the PPOS command when BEFORE or AFTER is specified.
MOVE<STR>: Move policy in table (UP or DOWN).
6.6.6 IKE

Used to control the IKE (Internet Key Exchange) service.
Authority: ADMIN
Prefixes: SHOW, ADD, DEL
Parameters and Descriptions
NAME<STR>: Policy name. Any unique arbitrary string for policy identification.
TYPE<STR>: Response type; INIT, RESP, or BOTH. Whether the security gateway can only
initialize, only respond, or can both initialize and respond to IKE exchanges.
MODE<STR>: IKE mode; MAIN or AGGR. Main mode involves more round trips but
provides inherent identity protection. Aggressive mode is used where fewer round trips are
desirable. Using public key exchange to authenticate an aggressive exchange also
provides identity protection.
LIDT<STR>: Local Security Gateway Identifier type; IPV4, FQDN, UFQDN, or DASN1.
This is used to identify the local security gateway during key exchange. You may use IPV4
(a version 4 IP address), FQDN (a fully qualified domain name), UFQDN (a user-fully
qualified domain name), or DASN1 (an ASN1 domain name).
LIDD<STR>: Local Security Gateway Identifier. This is the local security gateway identifier
used during IKE.
RIDT<STR>: Remote Security Gateway Identifier type; IPV4, FQDN, UFQDN, or DASN1.
This is used to identify the peer security gateway during key exchange. You may use IPV4
(a version 4 IP address), FQDN (a fully qualified domain name), UFQDN (a user-fully
qualified domain name), or DASN1 (an ASN1 domain name).
RIDD<STR>: Remote Security Gateway Identifier. This is the remote security gateway
identifier used during IKE.
ETYP<STR>: Encryption algorithm; DES, 3DES, or AES.
ATYP<STR>: Authentication algorithm; MD5 or SHA1.
DHGR<STR>: Diffie-Hellman group (MODP768 or MODP1024) for perfect forward secrecy.
PFS<BOOL>: Perfect forward secrecy.
LSGW<IP>: Local security gateway IP address.
RSGW<IP>: Remote security gateway IP address.
AMODE<STR>: Authentication mode; PKEY, RSA, or DSS. The authentication mode may
be a pre-shared key (supplied by the user in PKEY), an RSA signature, or a DSS (Digital
Signature Standard) signature.
LIFT<NUM>: Lifetime in seconds of each generated key, after which a new key is generated.
You may specify either LIFT or LIKB.
LIKB<NUM>: Lifetime in kilobytes of each generated key, after which a new key is
generated. You may specify either LIKB or LIFT.
PKEY<STR>: Pre-shared key (for PKEY authentication mode). The users on both sides
share this key. It is a string of 16 characters for MD5 and 20 characters for SHA1
authentication.
ATTR<BOOL>: Whether to display attribute information
ALL<BOOL>: Whether to delete all IKE associations
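
The following added example (not part of the Ericsson manual or the HL950 software) checks a proposed IKE policy against the value lists and constraints in the parameter descriptions above, and warns on the weakest cryptographic choices. Assumptions: the policy is supplied as a Python dict keyed by parameter name, which is not the device's command syntax; "either LIFT or LIKB" is read as mutually exclusive; the function name check_policy and the sample values are hypothetical.

```python
# Added example: validates an IKE policy dict against the parameter list above.
# The dict format is an assumption, not the HL950 command syntax.
ALLOWED = {
    "TYPE": {"INIT", "RESP", "BOTH"},
    "MODE": {"MAIN", "AGGR"},
    "LIDT": {"IPV4", "FQDN", "UFQDN", "DASN1"},
    "RIDT": {"IPV4", "FQDN", "UFQDN", "DASN1"},
    "ETYP": {"DES", "3DES", "AES"},
    "ATYP": {"MD5", "SHA1"},
    "DHGR": {"MODP768", "MODP1024"},
    "AMODE": {"PKEY", "RSA", "DSS"},
}
PKEY_LEN = {"MD5": 16, "SHA1": 20}  # key length stated in the PKEY entry
# Weakest option of each parameter by current cryptographic standards.
WEAK = {"ETYP": "DES", "ATYP": "MD5", "DHGR": "MODP768"}


def check_policy(p):
    """Return (errors, warnings) for a policy given as {parameter: value}."""
    errors, warnings = [], []
    for key, allowed in ALLOWED.items():
        if key in p and p[key] not in allowed:
            errors.append(f"{key}={p[key]} not in {sorted(allowed)}")
    # Interpretation: "either LIFT or LIKB" is treated as mutually exclusive.
    if "LIFT" in p and "LIKB" in p:
        errors.append("specify either LIFT or LIKB, not both")
    if p.get("AMODE") == "PKEY":
        want = PKEY_LEN.get(p.get("ATYP"))
        key = p.get("PKEY")
        if key is None:
            errors.append("AMODE=PKEY requires PKEY")
        elif want is not None and len(key) != want:
            errors.append(f"PKEY must be {want} characters for {p['ATYP']}")
        if p.get("MODE") == "AGGR":
            warnings.append("MODE=AGGR with AMODE=PKEY gives no identity protection")
    for key, weak in WEAK.items():
        if p.get(key) == weak:
            warnings.append(f"{key}={weak} is the weakest available option")
    return errors, warnings


# Constructed sample policy (all values invented for illustration).
SAMPLE = {"NAME": "branch1", "TYPE": "BOTH", "MODE": "AGGR", "ETYP": "DES",
          "ATYP": "MD5", "DHGR": "MODP768", "AMODE": "PKEY", "LIFT": 3600,
          "LIKB": 4096, "PKEY": "tooshort"}

if __name__ == "__main__":
    print(check_policy(SAMPLE))
```
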
EN/LZT 108 5995 R3
June 2003
Page 116 (159)
