2-128 Command Line Interface Commands Reference
ike phase1 { name index }
no ike phase1 { name index }
These commands set or display the specified IKE Phase1 profile’s send
ike phase1 { name index } negotiation { normal
These commands set or display the specified IKE Phase1 profile’s negotiation setting.
ike phase1 { name index } pfs { yes no } show ike phase1 { name index } pfs
no ike phase1 { name index } pfs
These commands set, display, or disable the specified IKE Phase1 profile’s perfect forward secrecy setting.
ike phase1 { name index } port policy { "strict" "permissive" } show ike phase1 { name index } port policy
These commands set or display whether or not IKE requires packets to originate from the IANA port (500).
ike phase1 { name index } sa lifetime { seconds kbytes } {
no ike phase1 { name index } sa lifetime [ { seconds kbytes } ]
These commands set, display, or disable one or both of the specified IKE Phase1 profile’s two SA lifetimes (in seconds and/or kilobytes protected). Specifying neither the keyword seconds nor the keyword kbytes with the show variant of this command displays both lifetime values. The keyword none is equivalent to the value zero, and indicates that there is no lifetime of the specified type. The Phase1 SA lifetime minimum is 300 (seconds) and the maximum is 1 (leap) year (31622400 seconds).
Note: It is a
none.
ike phase1 { name index } sa
These commands set or display the specified IKE Phase1 profile’s SA use policy.
ike phase1 { name index }
no ike phase1 { name index }
These commands set, display, or disable the specified IKE Phase1 profile’s send
