ipsec profile

Sep 12, 2016

The following operations can be performed on "ipsec profile":

add | show | rm

add ipsec profile

Add an ipsec profile.

Synopsis

add ipsec profile <name> [-ikeVersion ( V1 | V2 )] [-encAlgo ( AES | 3DES ) ...] [-hashAlgo <hashAlgo> ...] [-lifetime <positive_integer>] (-psk | (-publickey <string> -privatekey <string> -peerPublicKey <string>)) [-livenessCheckInterval <positive_integer>] [-replayWindowSize <positive_integer>] [-ikeRetryInterval <positive_integer>] [-retransmissiontime <positive_integer>] [-perfectForwardSecrecy ( ENABLE | DISABLE )]

Arguments

name

The name of the ipsec profile

ikeVersion

IKE Protocol Version

Possible values: V1, V2

encAlgo

Type of encryption algorithm

hashAlgo

Type of hashing algorithm

lifetime

Lifetime of IKE SA in seconds. Lifetime of IPSec SA will be (lifetime of IKE SA/8)

Minimum value: 480

Maximum value: 31536000

psk

Pre-shared key value

publickey

Public key file path

privatekey

Private key file path

peerPublicKey

Peer public key file path

livenessCheckInterval

Number of seconds after which a notify payload is sent to check the liveness of the peer. Additional retries follow the retransmit interval setting. A value of zero disables liveness checks.

Minimum value: 0

Maximum value: 64999

replayWindowSize

IPSec Replay window size for the data traffic

Minimum value: 0

Maximum value: 16384

ikeRetryInterval

IKE retry interval for bringing up the connection

Minimum value: 60

Maximum value: 3600

retransmissiontime

The interval, in seconds, at which to retry sending IKE messages to the peer. Three consecutive attempts are made, with the interval doubled after every failure.

Minimum value: 1

Maximum value: 99

perfectForwardSecrecy

Enable/Disable PFS.

Possible values: ENABLE, DISABLE
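
The following pre-flight check is an added example, not part of the product or its documentation. It validates an "add ipsec profile" line against the ranges and values listed above and derives the IPSec SA lifetime and the retransmission waits. The function names, the sample profile name, the rounding of lifetime/8 and the reading of "doubled interval" as t, 2t, 4t are assumptions.

```python
import shlex
# Ranges and allowed values copied from the argument list above.
RANGES = {"lifetime": (480, 31536000), "livenessCheckInterval": (0, 64999),
          "replayWindowSize": (0, 16384), "ikeRetryInterval": (60, 3600),
          "retransmissiontime": (1, 99)}
ENUMS = {"ikeVersion": {"V1", "V2"}, "encAlgo": {"AES", "3DES"},
         "perfectForwardSecrecy": {"ENABLE", "DISABLE"}}
KEY_ARGS = {"publickey", "privatekey", "peerPublicKey"}
# Constructed sample input; "branch1" is a made-up profile name.
SAMPLE = ("add ipsec profile branch1 -ikeVersion V2 -encAlgo AES "
          "-lifetime 28800 -psk -retransmissiontime 5")

def parse(command):
    """Split one 'add ipsec profile' line into (name, {option: [values]})."""
    tokens = shlex.split(command)
    if len(tokens) < 4 or tokens[:3] != ["add", "ipsec", "profile"]:
        raise ValueError("not an 'add ipsec profile <name>' command")
    opts, current = {}, None
    for tok in tokens[4:]:
        if tok.startswith("-"):
            current = tok[1:]
            opts[current] = []
        elif current is None:
            raise ValueError(f"unexpected token {tok!r}")
        else:
            opts[current].append(tok)
    return tokens[3], opts

def check(command):
    """Return (findings, derived values) for one command line."""
    _, opts = parse(command)
    findings, derived = [], {}
    for opt, (lo, hi) in RANGES.items():
        for val in opts.get(opt, []):
            if not val.isdecimal() or not lo <= int(val) <= hi:
                findings.append(f"{opt}: {val} is outside {lo}..{hi}")
            elif opt == "lifetime":
                # Assumption: the documented "IKE SA/8" rule rounds down.
                derived["ipsec_sa_lifetime"] = int(val) // 8
            elif opt == "retransmissiontime":
                # Assumption: "doubled after every failure" means t, 2t, 4t.
                derived["retransmit_waits"] = [int(val) * 2**i for i in range(3)]
    for opt, allowed in ENUMS.items():
        findings += [f"{opt}: {v} is not one of {sorted(allowed)}"
                     for v in opts.get(opt, []) if v not in allowed]
    keys = KEY_ARGS & set(opts)
    if ("psk" in opts) == bool(keys) or (keys and keys != KEY_ARGS):
        findings.append("auth: give -psk or all three key-file options")
    return findings, derived
```

Calling check(SAMPLE) returns an empty findings list and the derived values; a line that mixes -psk with a key-file option, or omits both, produces an "auth" finding.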

show ipsec profile

Display all of the configured ipsec peers

Synopsis

show ipsec profile [<name>]

Arguments

name

The name of the ipsec profile

Outputs

ikeVersion

IKE Protocol Version

encAlgo

Type of encryption algorithm.

hashAlgo

Type of hashing algorithm

lifetime

Lifetime of IKE SA in seconds. Lifetime of IPSec SA will be (lifetime of IKE SA/8)

livenessCheckInterval

Number of seconds after which a notify payload is sent to check the liveness of the peer. Additional retries follow the retransmit interval setting. A value of zero disables liveness checks.

replayWindowSize

IPSec Replay window size for the data traffic

retransmissiontime

The interval, in seconds, at which to retry sending IKE messages to the peer. Three consecutive attempts are made, with the interval doubled after every failure.

psk

Pre-shared key value

publickey

Public key file path

privatekey

Private key file path

peerPublicKey

Peer public key file path

ikeRetryInterval

IKE retry interval for bringing up the connection

perfectForwardSecrecy

Enable/Disable PFS.

responderOnly

Responder Only config for IKED.

builtin

Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

devno

count

stateflag

Example

show ipsec profile

rm ipsec profile

Remove an ipsec peer

Synopsis

rm ipsec profile <name>

Arguments

name

The name of the ipsec profile.

Example

rm ipsec profile