Spdsetpropattrib – AMX NI-2100/3100/4100 User Manual

Page 136

Advertising
background image

Appendix A: IPSec Configuration File

128

NI Series WebConsole & Programming Guide

SpdSetPropAttrib

SpdSetPropAttrib

NAME

spdSetPropAttrib– set attributes of an IKE Phase 2 proposal

SYNOPSIS

spdSetPropAttrib=pConfStr

DESCRIPTION This rule sets or modifies the attributes of an existing IKE Phase 2 proposal.

Rule Value:

pConfStr

A stringValue specifier formatted as follows:

proposalName,attributeType,attributeValue[,attributeType,

attributeValue...]

- proposalName is the name of an existing Phase 2 proposal.
- attributeType is an attribute type from the table below.
- attributeValue is an attribute value from the table below.

Attribute Type

Attribute Value

• ANTIREPLAY

DISABLED or ENABLED (default)

• DHGROUP

NONE (default) for no PFS, G1 for D-H Group 1, G2 for D-H Group 2

• ENCAP

TUNNEL or TRANSPORT

• UNITOFTIME

SECS (default), MINS, or HRS

• HARDLIFETIME Default is 28800 seconds.

attributeValue is converted to seconds.
If attributeValue > 0 and attributeValue <
PHASE2_MIN_HARD_LIFE_IN_SECS then it defaults to
PHASE2_MIN_HARD_LIFE_IN_SECS, which is defined to be 120
seconds.
Behavior is undefined if attributeValue=0.

• SOFTLIFETIME Default is 75% of HARDLIFETIME.

attributeValue is converted to seconds.
If attributeValue > 0 and attributeValue <
PHASE2_MIN_SOFT_LIFE_IN_SECS then it defaults to
PHASE2_MIN_SOFT_LIFE_IN_SECS, which is defined to be
90 seconds.
Behavior is undefined if attributeValue=0.

• HARDLIFESIZE Default is 4608000 KB.

If attributeValue > 0 and attributeValue <
PHASE2_MIN_HARD_LIFE_IN_KB then it defaults to
PHASE2_MIN_HARD_LIFE_IN_KB, which is defined to be 2560 KB.
Behavior is undefined if attributeValue=0.

• SOFTLIFESIZE 0 for no lifesize; default is 75% of HARDLIFESIZE.

If attributeValue > 0 and attributeValue <
PHASE2_MIN_SOFT_LIFE_IN_KB then it defaults to
PHASE2_MIN_SOFT_LIFE_IN_KB, which is defined to be 1920 KB.
Behavior is undefined if attributeValue=0.

• PSKEEPALIVE

DISABLED, ENABLED, or GLOBAL (default)
Sets the keep-alive flag for protection suites created using this proposal.
If you choose ENABLED, all protection suites derived from this proposal
will renew when their soft lifetimes expire. If you choose GLOBAL, the
global keep-alive flag will be consulted when soft lifetimes expire.

Advertising
This manual is related to the following products:

NI-700/900, NI-2000/3000/4000

Popular Brands
Popular manuals