
Chapter 4
Configuration via the Command Line Interface
4.3.4 Set or Modify the Peer Descriptor Parameters
modify command The ipsec peer descriptor modify command sets or modifies the Peer Security Descriptor parameters.
Example In this example, the parameters of the previously defined Peer Security Descriptor peerdes1 are set to the following values:
crypto = AES keylen = 128 integrity = MD5 group = MODP1536 lifetime secs = 84600
[ipsec peer descriptor]=>modify |
| |
name = peerdes1 |
|
|
[crypto] = | 3DES | AES |
DES | ||
[crypto] = AES |
|
|
keylen = | 192 | 256 |
128 | ||
keylen = 128 |
|
|
[integrity] = | SHA1 |
|
MD5 |
| |
[integrity] = MD5 |
|
|
[group] = | MODP1024 | MODP1536 |
MODP768 | ||
[group] = MODP1536 |
|
|
[lifetime_secs] = 84600 |
|
|
:IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128 integrity=MD5 group=MODP1536 lifetime_secs=84600
[ipsec peer descriptor]=>
The parameters of the
The descriptors must match at both peers in order to have a successful outcome of the Phase 1 negotiation.
116 | |
|