Chapter 16 IPSec Commands

16.4 Command Examples

This example adds an IKE rule as follows.IKE Rule Name: VPN-ph1My IP Address: 10.1.1.1Secure Gateway Address: 10.1.1.2Authentication: Pre-Shared KeyPre-Shared Key: 12345678

ras> ipsec ikeAdd

ras> ipsec ikeConfig name VPN-ph1 ras> ipsec ikeConfig myIpAddr 10.1.1.1

ras> ipsec ikeConfig secureGwAddr 10.1.1.2 ras> ipsec ikeConfig authMethod 0

ras> ipsec ikeConfig preShareKey 12345678 ras> ipsec ikeSave

This example enables VPN HA on an existing IKE rule.

"You need to load an IKE rule first by ikeAdd or ikeEdit before you configure IKE settings.

IKE Rule index: 1The redundant secure gateway IP: 10.1.1.5Fall back detection: EnableThe time interval for fall back detection: 180 secondsDPD for fail over detection: EnableOutput idle Timeout for fail over detection: Enable

ras> ipsec ikeList

 

 

Configure IKE number 1

Flags MyIP

SecureGW

Idx SPD Name

===============================================================================

1 0 VPN-ph1

3 10.1.1.1

10.1.1.2

ras> ipsec ikeEdit 1

 

 

ras> ipsec ikeConfig ha enable on

 

 

ras> ipsec ikeConfig ha redunSecGwAddr 10.1.1.5 ras> ipsec ikeConfig ha fallback enable on ras> ipsec ikeConfig ha fallback interval 180 ras> ipsec ikeConfig ha failover dpd on

ras> ipsec ikeConfig ha failover outputIdleTime on ras> ipsec ikeConfig ha failover display

Fail over detection methods: Output Idle Time: Yes

DPD: Yes

Ping Check: No ras> ipsec ikeSave

130

 

ZyWALL (ZyNOS) CLI Reference Guide