
Netopia CLI 874 User Manual

3-32 Command Line Interface Commands Reference

cp { name | index } ipsec suite encapsulation { esp | ah | esp+ah }
[ encryption { des | 3des | null } ]
[ authentication esp { md5 | hmac-md5-96 | sha1 | hmac-sha1-96 } ]
[ authentication ah { md5 | hmac-md5-96 | sha1 | hmac-sha1-96 } ]
[ compression lzs ]
show cp { name | index } ipsec suite

Note: This is an extended version of an existing CLI command. The existing command is modified to add an
encapsulation clause and to allow for one or two authentication clauses. See “IPSec/IKE” on page 3-26 for
more information.

These commands set or display the IPSec encapsulation, encryption, authentication, and compression
parameters for the specified connection profile.

Note: The authentication clause may appear either one or two times; if it appears twice, one occurrence must
specify ah and the other must specify esp.

The keywords md5 and hmac-md5-96 are synonyms, although the latter keyword is preferred, the former being
retained only for backwards compatibility. The keywords sha1 and hmac-sha1-96 are synonyms, although the
latter keyword is preferred, the former being retained only for backwards compatibility.
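
The clause rules above can be checked before a line is pasted into the router. The following Python code is an added example, not part of the Netopia manual or firmware: it parses a suite command, enforces the rule that a repeated authentication clause names ah once and esp once, and rewrites the legacy keywords to the preferred ones. The function name, the result fields, the profile name branch1, and accepting clauses in any order are assumptions.

```python
import shlex

# Legacy keywords and the preferred synonyms named in the manual text.
PREFERRED = {"md5": "hmac-md5-96", "sha1": "hmac-sha1-96"}
AUTH_ALGS = {"hmac-md5-96", "hmac-sha1-96"}
ENCAPS = {"esp", "ah", "esp+ah"}
CIPHERS = {"des", "3des", "null"}


def parse_ipsec_suite(line):
    """Parse one 'cp <profile> ipsec suite ...' line into a normalized dict.

    Raises ValueError on a grammar error or when an authentication clause
    is repeated for the same protocol (two clauses need one ah, one esp).
    """
    tok = shlex.split(line)
    if len(tok) < 6 or tok[0] != "cp" or tok[2:5] != ["ipsec", "suite", "encapsulation"]:
        raise ValueError("expected: cp <profile> ipsec suite encapsulation ...")
    if tok[5] not in ENCAPS:
        raise ValueError(f"bad encapsulation: {tok[5]}")
    out = {"profile": tok[1], "encapsulation": tok[5], "encryption": None,
           "authentication": {}, "compression": None, "legacy_keywords": []}
    i = 6
    while i < len(tok):
        kw = tok[i]
        if kw == "encryption" and i + 1 < len(tok) and tok[i + 1] in CIPHERS:
            out["encryption"], i = tok[i + 1], i + 2
        elif kw == "compression" and tok[i + 1:i + 2] == ["lzs"]:
            out["compression"], i = "lzs", i + 2
        elif kw == "authentication" and i + 2 < len(tok):
            proto, alg = tok[i + 1], tok[i + 2]
            if proto not in ("esp", "ah"):
                raise ValueError(f"authentication must name esp or ah, got {proto}")
            if proto in out["authentication"]:
                raise ValueError(f"authentication {proto} given twice")
            if alg in PREFERRED:  # accept the legacy form, but record it
                out["legacy_keywords"].append(alg)
                alg = PREFERRED[alg]
            if alg not in AUTH_ALGS:
                raise ValueError(f"bad authentication algorithm: {alg}")
            out["authentication"][proto], i = alg, i + 3
        else:
            raise ValueError(f"unexpected token: {kw}")
    return out


# Constructed sample line; the profile name "branch1" is made up.
SAMPLE = "cp branch1 ipsec suite encapsulation esp+ah encryption 3des authentication esp sha1 authentication ah hmac-md5-96"
```

A non-empty legacy_keywords list in the result marks lines that still use md5 or sha1 and can be rewritten with the preferred keyword.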

cp { name | index } ipsec ip
[remote
[members {a.b.c.d | a.b.c.d/n | a.b.c.d e.f.g.h | a.b.c.d-e.f.g.h}]
[tep a.b.c.d] ]
[local
[members {a.b.c.d | a.b.c.d/n | a.b.c.d e.f.g.h | a.b.c.d-e.f.g.h}]
[tep a.b.c.d] ]
[via a.b.c.d]
show cp { name | index } ipsec ip

Note: This is an extended version of an existing CLI command. The existing command is modified to allow a
members specification to appear in the local clause and to allow for a host address or an IP address range
(rather than a network address and subnet mask) in the remote and local members clauses. See “IPSec/IKE”
on page 3-26 for more information.

This command sets the pertinent IP values for the IPSec tunnel, and may contain zero or one instances of each
of three possible clauses: remote, local, and via. The remote clause, if specified, may include a members
specification or a tunnel endpoint (“tep”) specification, or both. The local clause, if specified, may contain a
members specification or a tunnel endpoint specification, or both. The optional via clause sets the next hop
gateway. The keyword sg (short for “security-gateway”) is an acceptable synonym for the keyword tep.

cp { name | index } ipsec sa lifetime { seconds | kbytes } { non-negative-integer | none }
show cp { name | index } ipsec sa lifetime [ { seconds | kbytes } ]
no cp { name | index } ipsec sa lifetime [ { seconds | kbytes } ]

These commands set, display, or disable one or both of the two IKE Phase 2 SA lifetimes (in seconds and/or
kbytes protected) for the specified IPSec protocol for the specified connection profile. Specifying neither the
keyword seconds nor the keyword kbytes with the show variant of this command displays both lifetime values.
The keyword none is equivalent to the value zero, and indicates that there is no lifetime of the specified type.