Motorola Netopia® Router Connection Profile Commands 3-31

cp { name index } ipsec dead-peer-detection ping-reply-timeout 1..65535 show cp { name index } ipsec dead-peer-detection ping-reply-timeout

Note: These commands are supported beginning with firmware version 8.2

These commands allow you to specify or show the maximum period of time (in seconds) an IPsec tunnel endpoint will wait for the peer’s response to its earliest ping request. If the peer does not respond within this period, it is deemed to be a dead peer tunnel. Default is 90 seconds.

cp { name index } ipsec idle-timeout{ non-negative-integer none } show cp { name index } ipsec idle-timeout

no cp { name index } ipsec idle-timeout

These commands set or display the idle timeout associated with the specified IPSec connection profile. If the IPSec key-managerassociated with the connection profile is manual, then the idle-timeout value is meaningful only if the remote sg is 0.0.0.0 or the empty string. In that case, the idle-timeout value specifies the period in seconds during which the SPI (or SPIs) are bound to a particular remote peer in the absence of outbound traffic through the IPSec tunnel. The value zero (or the keyword none) causes the SPI (or SPIs) to be permanently bound to the first remote peer that sends traffic through the tunnel using the SPI (or SPIs). If the IPSec key-managerassociated with the connection profile is ike, then the idle-timeout value specifies the period prior to SA expiration during which there must be at least one outbound packet through the IPSec tunnel for a re-key to be performed one second prior to SA expiration. The value zero (or the keyword none) indicates that a re-key should always be performed one second prior to SA expiration even if there has been no outbound traffic through the tunnel.

cp { name index } ipsec key-manager { manual ike } show cp { name index } ipsec key-manager

These commands set or display the IPSec key manager associated with the specified connection profile.

cp { name index } ipsec ike phase1 { name index none } show cp { name index } ipsec ike phase1

no cp { name index } ipsec ike phase1

These commands set, display, or disable the IKE Phase1 profile associated with the specified connection profile. The IKE Phase1 profile may be specified either by index or by name.

cp { name index } ipsec pfs { yes no } show cp { name index } ipsec pfs

no cp { name index } ipsec pfs

These commands set, display, or change the Phase 2 perfect forward secrecy setting for the specified IPsec Phase 2 profile.

Page 174 Page 176
Page 175
Image 175
Netopia CLI 874 manual Motorola Netopia Router Connection Profile Commands
Page 174 Page 176
Top Page Image Contents