beautypg.com

Netopia CLI 874 User Manual

Page 175

background image

Motorola Netopia® Router Connection Profile Commands 3-31

cp { name | index } ipsec dead-peer-detection ping-reply-timeout 1..65535
show cp { name | index } ipsec dead-peer-detection ping-reply-timeout

Note:

These commands are suppor ted beginning with firmware version 8.2

These commands allow you to specify or show the maximum period of time (in seconds) an IPsec tunnel
endpoint will wait for the peer’s response to its earliest ping request. If the peer does not respond within this
period, it is deemed to be a dead peer tunnel. Default is 90 seconds.

cp { name | index } ipsec idle-timeout { non-negative-integer | none }
show cp { name | index } ipsec idle-timeout
no cp { name | index } ipsec idle-timeout

These commands set or display the idle timeout associated with the specified IPSec connection profile. If the
IPSec key-manager associated with the connection profile is manual, then the idle-timeout value is meaningful
only if the remote sg is 0.0.0.0 or the empty string. In that case, the idle-timeout value specifies the period in
seconds during which the SPI (or SPIs) are bound to a par ticular remote peer in the absence of outbound traffic
through the IPSec tunnel. The value zero (or the keyword none) causes the SPI (or SPIs) to be permanently
bound to the first remote peer that sends traffic through the tunnel using the SPI (or SPIs). If the IPSec
key-manager associated with the connection profile is ike, then the idle-timeout value specifies the period prior
to SA expiration during which there must be at least one outbound packet through the IPSec tunnel for a re-key
to be per formed one second prior to SA expiration. The value zero (or the keyword none) indicates that a re-key
should always be per formed one second prior to SA expiration even if there has been no outbound traffic
through the tunnel.

cp { name | index } ipsec key-manager { manual | ike }
show cp { name | index } ipsec key-manager

These commands set or display the IPSec key manager associated with the specified connection profile.

cp { name | index } ipsec ike phase1 { name | index | none }
show cp { name | index } ipsec ike phase1
no cp { name | index } ipsec ike phase1

These commands set, display, or disable the IKE Phase1 profile associated with the specified connection
profile. The IKE Phase1 profile may be specified either by index or by name.

cp { name | index } ipsec pfs { yes | no }
show cp { name | index } ipsec pfs
no cp { name | index } ipsec pfs

These commands set, display, or change the Phase 2 per fect for ward secrecy setting for the specified IPsec
Phase 2 profile.

See also other documents in the category Netopia Hardware: