Modify command, Example, Set the connection security descriptor parameters – Nortel Networks 608(WL) User Manual

Chapter 4

Configuration via the Command Line Interface

E-DOC-CTC-20051017-0169 v0.1

4.5.4 Set the Connection Security Descriptor Parameters

modify command

The ipsec connection descriptor modify command sets or modifies the connection descriptor parameters.

Example

In this example, the parameters of the previously defined Connection Security
Descriptor cnctdes1 are set to the following values:

crypto = AES

key length = 128

integrity = HMAC-MD5

Perfect Forward Secrecy = disabled

lifetime secs = 3600

lifetime kbytes = 10000

Encapsulation mode = tunnel mode

The Descriptors must match at both tunnel ends in order to have a
successful outcome of the Phase 2 negotiation.

[ipsec connection descriptor]=>modify
name = cnctdes1
[crypto] =
DES
3DES
AES
NULL
[crypto] = AES
keylen =
128
192
256
keylen = 128
[integrity] =
HMAC-MD5
HMAC-SHA1
[integrity] = HMAC-MD5
[pfs] = disabled
[lifetime_secs] = 3600
[lifetime_kbytes] = 10000
[encapsulation] = tunnel
:ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=128 integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000

[ipsec connection descriptor]=>

The parameters of the pre-defined descriptors can also be changed with the
modify command. Use this feature, for example, if you want to change only the
lifetime parameter.

The descriptors must match at both peers in order to have a successful
outcome of the Phase 2 negotiation.
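
The matching requirement can be checked before bringing the tunnel up by comparing the echoed modify command saved from each peer. The following Python script is an added example, not part of the manual or of the device software; the function names and the remote peer's line are assumptions made for illustration, and a parameter missing from a line is reported as unset rather than replaced by a guessed default.

```python
import shlex

# Parameters the page lists for a Connection Security Descriptor.
PHASE2_FIELDS = ("crypto", "keylen", "integrity", "pfs",
                 "lifetime_secs", "lifetime_kbytes", "encapsulation")
PREFIX = "ipsec connection descriptor modify"


def parse_descriptor(line):
    """Parse one echoed ':ipsec connection descriptor modify ...' line."""
    line = line.strip().lstrip(":").strip()
    if not line.startswith(PREFIX):
        raise ValueError("not a descriptor modify command: %r" % line)
    params = {}
    for token in shlex.split(line[len(PREFIX):]):
        key, sep, value = token.partition("=")
        if not sep or not value:
            raise ValueError("malformed parameter: %r" % token)
        params[key.strip().lower()] = value.strip()
    if "name" not in params:
        raise ValueError("descriptor name missing")
    return params


def compare_descriptors(local, remote):
    """Return {field: (local_value, remote_value)} for each differing field."""
    # A field absent from a line is reported as None, not guessed, because
    # the device's default values are not stated on the page.
    diffs = {}
    for field in PHASE2_FIELDS:
        a, b = local.get(field), remote.get(field)
        if (a or "").upper() != (b or "").upper():
            diffs[field] = (a, b)
    return diffs


# Constructed sample input: LOCAL is the line echoed in the session above;
# REMOTE is invented for the comparison.
LOCAL = (":ipsec connection descriptor modify name=cnctdes1 crypto=AES "
         "keylen=128 integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000")
REMOTE = (":ipsec connection descriptor modify name=cnctdes1 crypto=AES "
          "keylen=256 integrity=HMAC-SHA1 lifetime_secs=3600 lifetime_kbytes=10000")

if __name__ == "__main__":
    diffs = compare_descriptors(parse_descriptor(LOCAL), parse_descriptor(REMOTE))
    for field, (a, b) in diffs.items():
        print("MISMATCH %-16s local=%s remote=%s" % (field, a, b))
    print("descriptors match" if not diffs else "%d mismatch(es)" % len(diffs))
```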