set vpn

IKE/ISAKMP SA Phase 1 options

set vpn phase1

Specifies that the “set vpn” command is for configuring VPN Phase 1 options.

index=1-2

The index number for an existing VPN tunnel.

state={enabled|disabled}

Whether the VPN tunnel is enabled or disabled. You can use this option when creating several tunnels, where only one would be used initially. In that case, you would add a disabled tunnel for future use and enable it on a subsequent “set vpn” command.

auth_method={shared_key|dss|rsa}

The authentication method used by the VPN tunnel.

shared_key

Authentication is performed by using a key that secures the VPN tunnel, where the key is either an ASCII alphanumeric value or a hexadecimal value.

dss

Authentication is performed using Digital Signature Standard (DSS).

rsa

Authentication is performed using RSA, which uses a combination of the sender’s and receiver’s public and private keys.

authentication={md5|sha1}

The authentication algorithm used in IKE negotiations to authenticate the IKE peers and Security Associations (SAs).

md5

MD5 authentication algorithm, which uses 128-bit keys.

sha1

SHA1 authentication algorithm, which uses 160-bit keys.

encryption={des|3des|aes}

The encryption algorithm used in IKE negotiations for encrypting data.

des

DES encryption algorithm, which uses 64-bit keys.

3des

3DES encryption algorithm, which uses 192-bit keys.

aes

AES encryption algorithm, which uses 128-bit keys.

encryption_size={0|128|192|256}

The encryption key length, in bits, used in IKE negotiations for encrypting data. The key length is based on the encryption algorithm and is used to calculate and create the shared key.
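The following Python check is an added example, not part of the Digi manual: it validates the options of a “set vpn phase1” line against the value sets listed above and flags algorithm choices worth reviewing. The space-separated option=value command form, the reading of index=1-2 as the values 1 and 2, and the choice to flag md5 and des as legacy are assumptions of this example.

```python
import shlex

# Allowed values, taken from the option descriptions on this page.
# Assumption: "index=1-2" means the index is 1 or 2.
ALLOWED = {
    "index": {"1", "2"},
    "state": {"enabled", "disabled"},
    "auth_method": {"shared_key", "dss", "rsa"},
    "authentication": {"md5", "sha1"},
    "encryption": {"des", "3des", "aes"},
    "encryption_size": {"0", "128", "192", "256"},
}
# Reviewer's choice (not from the manual): values to flag for review.
LEGACY = {("authentication", "md5"), ("encryption", "des")}


def audit_phase1(line):
    """Return a list of findings for one 'set vpn phase1' command line."""
    tokens = shlex.split(line)
    if tokens[:3] != ["set", "vpn", "phase1"]:
        return ["not a 'set vpn phase1' command"]
    findings = []
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep:
            findings.append(f"malformed option: {tok}")
        elif key not in ALLOWED:
            findings.append(f"unknown option: {key}")
        elif value not in ALLOWED[key]:
            findings.append(f"invalid value for {key}: {value}")
        elif (key, value) in LEGACY:
            findings.append(f"legacy algorithm: {key}={value}")
    return findings


# Constructed sample lines (not taken from a real device configuration).
SAMPLES = [
    "set vpn phase1 index=1 state=enabled auth_method=shared_key "
    "authentication=sha1 encryption=aes encryption_size=256",
    "set vpn phase1 index=2 authentication=md5 encryption=des "
    "encryption_size=512",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_phase1(sample) or "ok")
```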


Chapter 2 Command Descriptions

Digi 90000566_H manual