Chapter 3. Command Reference

name an IKE

Use configure terminal vpn ike proposal to create an IKE proposal, which also opens the context for

proposal and

that proposal. In this example, an IKE proposal named london is created, and the next command line

enter its

is in the context of that proposal:

context

 

 

hostname# conf t vpn ike add london

 

hostname# conf t vpn ike proposal london

 

hostname(london)#

configure

Use phase1-encryptionwithin the context of the IKE proposal to configure phase 1 encryption. In

phase 1

this example, phase 1 encryption to 3DES-CBC is set in the context of the proposal named london:

encryption

 

 

hostname# conf t vpn ike proposal london

 

hostname(london)# phase1-encryption 3des-cbc

 

 

 

conf t vpn ipsec

 

The configure terminal vpn ipsec command configures an IPSec VPN tunnel.

 

Note: The name “Default” represents the default SA (Security Association).

 

In the command-line interface, you cannot renegotiate or delete a Security

 

Association terminating on the device if that device did not initiate that Security

 

Association.

 

add name

 

configures the name for a new Security Association.

 

disable

 

disables IPSec.

 

enable

 

enables IPSec.

 

remove name

 

deletes the configuration of a Security Association.

 

sa name

 

takes you into the context of the named Security Association.

 

delete

 

brings down any tunnels using this Security Association.

 

disable

 

disables this Security Association.

 

enable

 

enables this Security Association.

74 X Family CLI Reference V 2.5.1