Motorola 2200 User Manual

Administrator’s Handbook

196

set security ipsec tunnels name "123" dest-int-netmask

netmask

Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies
which bits of the 32-bit IP address represents network information. The default subnet mask for most
networks is 255.255.255.0 (class C subnet mask).

set security ipsec tunnels name "123" encrypt-protocol { ESP | none }

See

page 201

for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" auth-protocol {AH | ESP | none}

See

page 201

for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode pre-shared-key-type
[ ascii | hex ]

See

page 201

for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode pre-shared-key

hex_string

See

page 201

for details about SafeHarbour IPsec tunnel capability.

Example:

0x1234

set security ipsec tunnels name "123" IKE-mode
neg-method { main | aggressive }

See

page 201

for details about SafeHarbour IPsec tunnel capability.

Note: Aggressive Mode is a little faster, but it does not provide identity protection for negotiations
nodes.

set security ipsec tunnels name "123" IKE-mode DH-group { 1 | 2 | 5 }

See

page 201

for details about SafeHarbour IPsec tunnel capability.