Appendix A: IPSec Configuration File
128 NI Series WebConsole & Programming Guide
SpdSetPropAttrib

SpdSetPropAttrib

NAME spdSetPropAttrib– set attributes of an IKE Phase 2 proposal
SYNOPSIS spdSetPropAttrib=pConfStr
DESCRIPTION This rule sets or modifies the attributes of an existing IKE Phase 2 proposal.
Rule Value:
pConfStr
A stringValue specifier formatted as follows:
proposalName,attributeType,attributeValue[,attributeType,
attributeValue...]
- proposalName is the name of an existing Phase 2 proposal.
- attributeType is an attribute type from the table below.
- attributeValue is an attribute value from the table below.
Attribute Type Attribute Value
• ANTIREPLAY DISABLED or ENABLED (default)
• DHGROUP NONE (default) for no PFS, G1 for D-H Group 1, G2 for D-H Group 2
• ENCAP TUNNEL or TRANSPORT
• UNITOFTIME SECS (default), MINS, or HRS
• HARDLIFETIME Default is 28800 seconds.
attributeValue is converted to seconds.
If attributeValue > 0 and attributeValue <
PHASE2_MIN_HARD_LIFE_IN_SECS then it defaults to
PHASE2_MIN_HARD_LIFE_IN_SECS, which is defined to be 120
seconds.
Behavior is undefined if attributeValue=0.
• SOFTLIFETIME Default is 75% of HARDLIFETIME.
attributeValue is converted to seconds.
If attributeValue > 0 and attributeValue <
PHASE2_MIN_SOFT_LIFE_IN_SECS then it defaults to
PHASE2_MIN_SOFT_LIFE_IN_SECS, which is defined to be
90 seconds.
Behavior is undefined if attributeValue=0.
• HARDLIFESIZE Default is 4608000 KB.
If attributeValue > 0 and attributeValue <
PHASE2_MIN_HARD_LIFE_IN_KB then it defaults to
PHASE2_MIN_HARD_LIFE_IN_KB, which is defined to be 2560 KB.
Behavior is undefined if attributeValue=0.
• SOFTLIFESIZE 0 for no lifesize; default is 75% of HARDLIFESIZE.
If attributeValue > 0 and attributeValue <
PHASE2_MIN_SOFT_LIFE_IN_KB then it defaults to
PHASE2_MIN_SOFT_LIFE_IN_KB, which is defined to be 1920 KB.
Behavior is undefined if attributeValue=0.
• PSKEEPALIVE DISABLED, ENABLED, or GLOBAL (default)
Sets the keep-alive flag for protection suites created using this proposal.
If you choose ENABLED, all protection suites derived from this proposal
will renew when their soft lifetimes expire. If you choose GLOBAL, the
global keep-alive flag will be consulted when soft lifetimes expire.