set vpn
Chapter 2 Command Descriptions 229
• Configure IKE/ISAKMP SA Phase 1 and Phase 2 options, which create
an authenticated secure channel and specify how IKE negotiates
security associations (SAs).
• Display current VPN settings.
Required permissions
For Digi Connect products with two or more users, to use this command,
permissions must be set to one of the following:
• For a user to display VPN settings: “set permissions s-vpn=read”
• For a user to display and set VPN settings: “set permissions s-vpn=rw”
See "set permissions" on page 157 for details on setting user permissions
for commands.
Syntax
Set global VPN options
set vpn global
[mode={main|aggressive}]
[identity={fqdn|user fqdn|ip address}]
[dh_group={1|2|5}]
[pfs={on|off}]
[antireplay={on|off}]
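An added example, not part of the Digi manual: a Python check that validates a "set vpn global" line against the option list above and warns on values generally considered weak. The warning list and the treatment of identity as a free-form value are assumptions of this example.

```python
import shlex

# Option grammar for "set vpn global", copied from the syntax above.
GLOBAL_OPTIONS = {
    "mode": {"main", "aggressive"},
    "identity": None,  # assumption: free-form (an fqdn, user fqdn or ip address)
    "dh_group": {"1", "2", "5"},
    "pfs": {"on", "off"},
    "antireplay": {"on", "off"},
}

# Values this audit warns about (assumption of this example, not the manual).
WEAK = {
    ("mode", "aggressive"): "identities are sent unprotected in Phase 1",
    ("dh_group", "1"): "768-bit MODP group",
    ("dh_group", "2"): "1024-bit MODP group",
    ("pfs", "off"): "Phase 2 keys derive from Phase 1 keying material",
    ("antireplay", "off"): "replayed packets are not rejected",
}

def audit_global(line):
    """Return (errors, warnings) for one 'set vpn global' command line."""
    tokens = shlex.split(line)
    if tokens[:3] != ["set", "vpn", "global"]:
        return ["not a 'set vpn global' command"], []
    errors, warnings = [], []
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep or key not in GLOBAL_OPTIONS:
            errors.append(f"unknown option: {tok}")
            continue
        allowed = GLOBAL_OPTIONS[key]
        if allowed is not None and value not in allowed:
            errors.append(f"invalid value for {key}: {value}")
        elif not value:
            errors.append(f"empty value for {key}")
        elif (key, value) in WEAK:
            warnings.append(f"{key}={value}: {WEAK[(key, value)]}")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample lines, not taken from a real device.
    for sample in ("set vpn global mode=main dh_group=5 pfs=on antireplay=on",
                   "set vpn global mode=aggressive dh_group=1 pfs=off"):
        print(sample, "->", audit_global(sample))
```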
Set VPN tunnel options
syntax: set vpn tunnel [tunnel options]
[manually-keyed options]
[isakmp options]
Where:
[tunnel options]:
[index={1-2 (for Connect WAN products)|1-5 (for ConnectPort
products)}]
[name=tunnel name]
[newname=tunnel name]
[mode={disabled|manually-keyed|isakmp}]
[remote_vpn_endpoint={fqdn|ip address}]
[remote_tunnel_addr=ip address]
[remote_tunnel_mask=subnet mask]
[remote_tunnel_range=ip address-ip address]
[local_tunnel_addr=ip address]
[local_tunnel_mask=subnet mask]
[local_tunnel_range=ip address-ip address]
[manually-keyed options]:
mode=manually-keyed
[inbound_spi=256-2^32] (Please see option details below)
[inbound_authentication={none|md5|sha1}]
[inbound_auth_key={ascii key|hex key}]
[inbound_encryption={none|des|3des|aes}]
[inbound_enc_key={ascii key|hex key}]
[outbound_spi=256-2^32] (Please see option details below)
[outbound_authentication={none|md5|sha1}]
[outbound_auth_key={ascii key|hex key}]
[outbound_encryption={none|des|3des|aes}]
[outbound_enc_key={ascii key|hex key}]