Chapter 4

Configuration via the Command Line Interface

4.3.4 Set or Modify the Peer Descriptor Parameters

modify command

The ipsec peer descriptor modify command sets or modifies the Peer Security Descriptor parameters.

Example

In this example, the parameters of the previously defined Peer Security Descriptor peerdes1 are set to the following values:

crypto = AES
keylen = 128
integrity = MD5
group = MODP1536
lifetime_secs = 84600

[ipsec peer descriptor]=>modify
name = peerdes1
[crypto] =
    3DES    AES    DES
[crypto] = AES
keylen =
    192    256    128
keylen = 128
[integrity] =
    SHA1    MD5
[integrity] = MD5
[group] =
    MODP1024    MODP1536    MODP768
[group] = MODP1536
[lifetime_secs] = 84600
:IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128 integrity=MD5 group=MODP1536 lifetime_secs=84600
[ipsec peer descriptor]=>

The parameters of the pre-defined descriptors can also be changed with the modify command. Use this feature, for example, if you want to change only the lifetime parameter.

The descriptors must match at both peers for the Phase 1 negotiation to succeed.
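
As an added example (not taken from the manual), the Python code below parses the command line echoed by the CLI and compares the descriptors configured on two peers field by field, since any mismatch makes Phase 1 fail. The remote peer's line and the LEGACY table are assumptions: the table lists values that RFC 8247 marks MUST NOT or SHOULD NOT for IKEv2, which include the MD5 and MODP1536 choices used in the example above.

```python
import shlex

# Assumption: values RFC 8247 marks MUST NOT / SHOULD NOT for IKEv2, used as a yardstick.
LEGACY = {
    "crypto": {"DES"},
    "integrity": {"MD5"},
    "group": {"MODP768", "MODP1024", "MODP1536"},
}
# The descriptor name is local to each device, so it is not compared.
FIELDS = ("crypto", "keylen", "integrity", "group", "lifetime_secs")


def parse_descriptor(line):
    """Parse an echoed ':IPSec peer descriptor modify k=v ...' line into a dict."""
    tokens = shlex.split(line.lstrip(":"))
    params = dict(t.split("=", 1) for t in tokens if "=" in t)
    missing = [f for f in FIELDS if f not in params]
    if missing:
        raise ValueError(f"descriptor is missing: {', '.join(missing)}")
    return params


def mismatches(local, remote):
    """Return {field: (local, remote)} for every field that differs."""
    return {f: (local[f], remote[f]) for f in FIELDS
            if local[f].upper() != remote[f].upper()}


def legacy_settings(desc):
    """Return 'field=value' strings for settings listed in LEGACY."""
    return sorted(f"{f}={desc[f]}" for f, bad in LEGACY.items()
                  if desc[f].upper() in bad)


# LOCAL is the line echoed in the manual's example; REMOTE is constructed.
LOCAL = (":IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128 "
         "integrity=MD5 group=MODP1536 lifetime_secs=84600")
REMOTE = (":IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128 "
          "integrity=SHA1 group=MODP1536 lifetime_secs=84600")

if __name__ == "__main__":
    local, remote = parse_descriptor(LOCAL), parse_descriptor(REMOTE)
    for field, (a, b) in mismatches(local, remote).items():
        print(f"mismatch {field}: local={a} remote={b}")
    for item in legacy_settings(local):
        print(f"legacy setting on local peer: {item}")
```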


E-DOC-CTC-20051017-0169 v0.1

 

Nortel Networks 620, 608(WL) manual Set or Modify the Peer Descriptor Parameters, Name = peerdes1