Internet key exchange (ike) settings – Netopia 6.3 User Manual


Appendix A

CONFIG Commands

See page 73 for details about SafeHarbour IPsec tunnel capability.


Internet Key Exchange (IKE) Settings

The following four IPsec parameters configure the rekeying event.

The soft parameters designate when the system negotiates a new key. For
example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred
(whichever comes first) the key will be renegotiated.

The hard parameters indicate that the renegotiation must be complete or the
tunnel will be disabled. For example, 86400 seconds (24 hours) means that
the renegotiation must be complete within one day.

Both ends of the tunnel set parameters, and typically they will be the same. If they
are not the same, the rekey event will happen when the longest time period
expires or when the largest amount of data has been sent.

BOTH

set security ipsec tunnels name "123" IKE-mode DH-group (1) { 1 | 2 | 5}

BOTH

set security ipsec tunnels name "123" IKE-mode isakmp-SA-encrypt (DES) {DES | 3DES | Blowfish | CAST}

BOTH

set security ipsec tunnels name "123" isakmp-SA-hash (MD5) {MD5 | SHA1}

BOTH

set security ipsec tunnels name "123" PFS-DH-group (off) {off | 1 | 2 | 5 }

BOTH

set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000}

BOTH

set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000}

BOTH

set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000}

BOTH

set security ipsec tunnels name "123" IKE-mode ipsec-hard-seconds (86400) {60-1000000}
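
The check below is an added example, not taken from the Netopia manual. It reads the four rekey parameters from set commands, validates them against the ranges listed above, and flags the case where the rekey point (the larger soft value when the two ends differ) does not come before this end's hard limit. It assumes the value is typed after the parameter name and treats the values shown in parentheses above as defaults; the sample configuration is constructed.

```python
import re

# (min, max, value shown in parentheses on the page, assumed to be the default)
LIMITS = {
    "ipsec-soft-mbytes": (1, 1000000, 1000),
    "ipsec-soft-seconds": (60, 1000000, 82800),
    "ipsec-hard-mbytes": (1, 1000000, 1200),
    "ipsec-hard-seconds": (60, 1000000, 86400),
}
# Assumed entry syntax: the value follows the parameter name on the command line.
CMD = re.compile(r'^set security ipsec tunnels name "([^"]+)" IKE-mode '
                 r'(ipsec-(?:soft|hard)-(?:mbytes|seconds)) (\d+)$')

def parse_lifetimes(config_text):
    """Return {tunnel: {param: value}}, starting each tunnel from the page's values."""
    tunnels = {}
    for line in config_text.splitlines():
        m = CMD.match(line.strip())
        if m:
            params = tunnels.setdefault(m.group(1), {k: v[2] for k, v in LIMITS.items()})
            params[m.group(2)] = int(m.group(3))
    return tunnels

def check_lifetimes(local, peer=None):
    """List problems in one end's rekey settings, optionally against the peer's."""
    problems = []
    for param, (lo, hi, _) in LIMITS.items():
        if not lo <= local[param] <= hi:
            problems.append(f"{param}={local[param]} outside {lo}-{hi}")
    for unit in ("seconds", "mbytes"):
        soft, hard = local[f"ipsec-soft-{unit}"], local[f"ipsec-hard-{unit}"]
        if peer:  # mismatched ends: the longest time / largest volume governs
            soft = max(soft, peer[f"ipsec-soft-{unit}"])
        if soft >= hard:
            problems.append(f"rekey at {soft} {unit} is not before hard limit {hard}")
    return problems

def sa_state(p, elapsed_seconds, sent_mbytes):
    """'ok', 'rekey' (a soft limit reached) or 'disabled' (a hard limit reached)."""
    used = {"seconds": elapsed_seconds, "mbytes": sent_mbytes}
    for kind, state in (("hard", "disabled"), ("soft", "rekey")):
        if any(used[u] >= p[f"ipsec-{kind}-{u}"] for u in used):
            return state
    return "ok"

# Constructed sample configuration for the two ends of tunnel "123".
LOCAL = parse_lifetimes('set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds 3600\n'
                        'set security ipsec tunnels name "123" IKE-mode ipsec-hard-seconds 4000')["123"]
PEER = parse_lifetimes('set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds 7200')["123"]
```

With the constructed values, this end passes on its own, but checking it against the peer reports that the rekey point of 7200 seconds falls after the local hard limit of 4000 seconds.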
