configure

locks out an

Use cft user option lockout-periodto set the number of minutes that a user is locked out after the

account for

maximum number of failed login attempts. In this example, the lockout period is 3 minutes:

three minutes

 

 

hostname# cft user option lockout-period 3

locks out an

Use cft user option max-attemptsto set the maximum number of failed login attempts on user

account after

accounts. In this example, the maximum number of attempts is 5:

five attempts

 

 

hostname# cft user option max-attempts 5

change the

Use cft user options expire-periodto change the password expiration period. In this example, the

password

expiration period is 30 days:

expiration

 

period

hostname# cft user options expire-period 30

remove a user

Use cft user remove to remove a user account. In this example, the account kwalker is removed:

login

 

 

hostname# cft user remove kwalker

 

 

 

conf t vpn debug

 

The configure terminal vpn debug command control VPN debugging.

 

logging < disable enable >

 

disables or enables logging of all VPN-related events to the system log.

 

 

 

conf t vpn ike

 

The configure terminal vpn ike command adds and configures Internet Key Exchange (IKE)

 

proposals.

 

add proposal-name

 

adds an IKE proposal.

 

local-id [domain domain-name email email-address]

 

configures the local ID with a domain name and email address.

 

proposal proposal-name

 

takes you into the context of that IKE proposal.

 

aggressive-mode < enable disable >

 

enables aggressive mode for authentication.

 

auth-type < psk x509 >

 

selects the authentication type: pre-shared key or X.509 certificates.

 

auto-connect < enable disable >

 

enables phase 1 auto-connect. Use auto-connect if you want to initiate the VPN

 

upon startup with IKE phase 1 proposals automatically established.

X Family CLI Reference V 2.5.1

71