Chapter 16 IPSec Commands
Table 61 Ipsec Commands (continued)

COMMAND

DESCRIPTION

M

ipsec timer update_peer <time>

For IPSec rules with a domain name as the local or

R+B

 

remote gateway address, this command sets the

 

 

interval (in minutes) for resolving the domain name

 

 

and updating the rules.

 

 

time: 2~60 minutes. The default is 5 minutes.

 

 

0 disables the updates.

 

 

 

 

ipsec timer chk_input <time>

The ZyWALL disconnects any IPSec connection

R+B

 

that has no inbound traffic for this number of

 

 

seconds. This is also called the input idle timer.

 

 

time: 30~3600 seconds. 0 disables the check (this

 

 

is the default setting).

 

ipsec updatePeerIp

If you use a domain name as the local or remote

R+B

 

gateway address, this command forces the ZyWALL

 

 

to resolve the domain name and update the IPSec

 

 

rules right away.

 

 

 

 

ipsec dial <policy index>

Dials the specified IPSec policy # manually.

R+B

ipsec enable [onoff]

Enables or disables all IPSec rules.

R+B

ipsec ikeDisplay <rule-number>

Displays the specified IKE rule. Or displays all

R+B

 

runtime IKE rules without specifying a rule. Use

 

 

ikeAdd or ikeEdit to load an IKE rule before using

 

 

this command.

 

 

 

 

ipsec ikeAdd

Allocates a working buffer to add an IKE rule.

R+B

ipsec ikeEdit <rule-number>

Loads the specified IKE rule for editing.

R+B

ipsec ikeSave

Saves the IKE rule settings from buffer to memory.

R+B

ipsec ikeList

Lists all IKE rules.

R+B

ipsec ikeDelete <rule-number>

Deletes the specified IKE rule.

R+B

ipsec ikeConfig name <string>

Sets the IKE rule name.

R+B

 

string: Up to 31 characters.

 

 

 

 

ipsec ikeConfig negotiationMode

Sets the negotiation mode.

R+B

<0:Main1:Aggressive>

 

 

ipsec ikeConfig natTraversal <Yes

Turns NAT traversal on or off.

R+B

No>

 

 

ipsec ikeConfig multiPro <YesNo>

Turns multiple proposal on or off.

R+B

ipsec ikeConfig lcIdType

Sets the local ID type.

R+B

<0:IP1:DNS2:Email>

 

 

ipsec ikeConfig lcIdContent <content>

Sets the local ID content with the specified IP

R+B

 

address, domain name, or e-mail address. Use up

 

 

to 31 characters.

 

 

 

 

ipsec ikeConfig myIpAddr <ip-

Sets the local VPN gateway with the specified IP

R

addressdomain-name>

address or domain name.

 

ipsec ikeConfig peerIdType

Sets the peer ID type.

R+B

<0:IP1:DNS2:Email>

 

 

ipsec ikeConfig peerIdContent

Sets the peer ID content with the specified IP

R+B

<string>

address, domain name, or e-mail address. Use up

 

 

to 31 characters.

 

ipsec ikeConfig secureGwAddr <ip-

Sets the remote gateway address with the specified

R+B

addressdomain-name>

IP address or domain name.

 

122

 

ZyWALL (ZyNOS) CLI Reference Guide