User GuideP 501/502

ipsec ike

To display or specify the encryption key auto exchange settings, use the "ipsec ike" command.

Display current settings

msh> ipsec ike {1|2|3|4|default}

  • To display the settings 1-4, specify the number [1-4].

  • To display the default setting, specify [default].

  • Not specifying any value displays all of the settings.

Disable settings

msh> ipsec ike {1|2|3|4|default} disable

  • To disable the settings 1-4, specify the number [1-4].

  • To disable the default settings, specify [default].

Specify the user-specific local address / remote address.

msh> ipsec ike {1|2|3|4} {ipv4|ipv6} "local address" "remote address"

  • Enter the separate setting number [1-4] and the address type, then specify the local and remote addresses.

  • To set the local or remote address values, specify masklen by entering [/] and an integer 0-32 when setting an IPv4 address. When setting an IPv6 address, specify masklen by entering [/] and an integer 0-128.

  • Not specifying an address value displays the current setting.

Specify the address type in default setting

msh> ipsec ike default {ipv4|ipv6|any}

  • Specify the address type for the default setting.

  • To specify both IPv4 and IPv6, enter [any].

Security policy setting

msh> ipsec ike {1|2|3|4|default} proc {apply|bypass|discard}

  • Enter the separate setting number [1-4] or [default] and specify the security policy for the address specified in the selected setting.

  • To apply IPsec to the relevant packets, specify [apply]. To not apply IPsec, specify [bypass].

  • If you specify [discard], any packets to which IPsec can be applied are discarded.

  • Not specifying a security policy displays the current setting.

Security protocol setting

msh> ipsec ike {1|2|3|4|default} proto {ah|esp|dual}

  • Enter the separate setting number [1-4] or [default] and specify the security protocol.

  • To specify AH, enter [ah]. To specify ESP, enter [esp]. To specify AH and ESP, enter [dual].

  • Not specifying a protocol displays the current setting.

IPsec requirement level setting

msh> ipsec ike {1|2|3|4|default} level {require|use}

  • Enter the separate setting number [1-4] or [default] and specify the IPsec requirement level.

  • If you specify [require], data will not be transmitted when IPsec cannot be used. If you specify [use], data will be sent normally when IPsec cannot be used. When IPsec can be used, IPsec transmission is performed.

  • Not specifying a requirement level displays the current setting.

Encapsulation mode setting

msh> ipsec ike {1|2|3|4|default} mode {transport|tunnel}

  • Enter the separate setting number [1-4] or [default] and specify the encapsulation mode.

  • To specify transport mode, enter [transport]. To specify tunnel mode, enter [tunnel].

  • If you have set the address type in the default setting to [any], you cannot use [tunnel] in encapsulation mode.

  • Not specifying an encapsulation mode displays the current setting.

Tunnel end point setting

msh> ipsec ike {1|2|3|4|default} tunneladdr "beginning IP address" "ending IP address"

  • Enter the separate setting number [1-4] or [default] and specify the tunnel end point beginning and ending IP address.

  • Not specifying either the beginning or ending address displays the current setting.

IKE partner authentication method setting

msh> ipsec ike {1|2|3|4|default} auth {psk|rsasig}

  • Enter the separate setting number [1-4] or [default] and specify the authentication method.

  • Specify [psk] to use a shared key as the authentication method. Specify [rsasig] to use a certificate as the authentication method.

  • You must also specify the PSK character string when you select [psk].

  • Note that if you select [rsasig] ("Certificate"), the certificate for IPsec must be installed and specified before it can be used. Install and specify the certificate from a networked computer using a web browser (Web Image Monitor, which is installed on this machine).

PSK character string setting

msh> ipsec ike {1|2|3|4|default} psk "PSK character string"

  • If you select PSK as the authentication method, enter the separate setting number [1-4] or [default] and specify the PSK character string.

  • Specify the character string in ASCII characters. Abbreviations are not accepted; the string must be entered in full.

ISAKMP SA (phase 1) hash algorithm setting

msh> ipsec ike {1|2|3|4|default} ph1 hash {md5|sha1|sha256|sha384|sha512}

  • Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) hash algorithm.

  • Not specifying the hash algorithm displays the current setting.

ISAKMP SA (phase 1) encryption algorithm setting

msh> ipsec ike {1|2|3|4|default} ph1 encrypt {des|3des|aes128|aes192|aes256}

  • Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) encryption algorithm.

  • Not specifying an encryption algorithm displays the current setting.

ISAKMP SA (phase 1) Diffie-Hellman group setting

msh> ipsec ike {1|2|3|4|default} ph1 dhgroup {1|2|14}

  • Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) Diffie-Hellman group number.

  • Specify the group number to be used.

  • Not specifying a group number displays the current setting.

ISAKMP SA (phase 1) validity period setting

msh> ipsec ike {1|2|3|4|default} ph1 lifetime "validity period"

  • Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) validity period.

  • Enter the validity period (in seconds) from 300 to 172800.

  • Not specifying a validity period displays the current setting.

IPsec SA (phase 2) authentication algorithm setting

msh> ipsec ike {1|2|3|4|default} ph2 auth {hmac-md5|hmac-sha1|hmac-sha256|hmac-sha384|hmac-sha512}

  • Enter the separate setting number [1-4] or [default] and specify the IPsec SA (phase 2) authentication algorithm.

  • Separate multiple authentication algorithm entries with a comma (,). The current setting values are displayed in order of highest priority.

  • Not specifying an authentication algorithm displays the current setting.

IPsec SA (phase 2) encryption algorithm setting

msh> ipsec ike {1|2|3|4|default} ph2 encrypt {null|des|3des|aes128|aes192|aes256}

  • Enter the separate setting number [1-4] or [default] and specify the IPsec SA (phase 2) encryption algorithm.

  • Separate multiple encryption algorithm entries with a comma (,). The current setting values are displayed in order of highest priority.

  • Not specifying an encryption algorithm displays the current setting.

IPsec SA (phase 2) PFS setting

msh> ipsec ike {1|2|3|4|default} ph2 pfs {none|1|2|14}

  • Enter the separate setting number [1-4] or [default] and specify the IPsec SA (phase 2) Diffie-Hellman group number.

  • Specify the group number to be used.

  • Not specifying a group number displays the current setting.

IPsec SA (phase 2) validity period setting

msh> ipsec ike {1|2|3|4|default} ph2 lifetime "validity period"

  • Enter the separate setting number [1-4] or [default] and specify the IPsec SA (phase 2) validity period.

  • Enter the validity period (in seconds) from 300 to 172800.

  • Not specifying a validity period displays the current setting.

Reset setting values

msh> ipsec ike {1|2|3|4|default|all} clear

  • Enter the separate setting number [1-4] or [default] and reset the specified setting. Specifying [all] resets all of the settings, including default.
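The reference above lists each "ipsec ike" sub-command on its own, but in practice an administrator types the whole sequence for one setting and has to keep the constraints the guide states in mind: the address family of the local/remote addresses, the masklen ranges, the 300-172800 second lifetimes, [tunnel] being unavailable when the default address type is [any], and the PSK being mandatory ASCII when [psk] is chosen. The following script is an added example, not part of the user guide and not code from the printer vendor: it builds the msh command lines for one setting in the order the guide presents them and rejects values msh would not accept according to that syntax. The algorithm-strength warnings (MD5, SHA-1, DES, 3DES, NULL, DH groups 1 and 2, no PFS, level [use]) are an assumed reviewer policy layered on top, not a statement from the guide. The addresses and PSK in the usage block are constructed placeholders.

```python
"""Build and sanity-check an 'ipsec ike' command sequence for the printer's
maintenance shell (msh). Added example; constraints follow the guide's syntax,
the WEAK sets are an assumed reviewer policy."""
import ipaddress
from dataclasses import dataclass, field

# Value sets exactly as listed in the guide's command syntax.
PROC = {"apply", "bypass", "discard"}
PROTO = {"ah", "esp", "dual"}
LEVEL = {"require", "use"}
MODE = {"transport", "tunnel"}
AUTH = {"psk", "rsasig"}
PH1_HASH = {"md5", "sha1", "sha256", "sha384", "sha512"}
PH1_ENC = {"des", "3des", "aes128", "aes192", "aes256"}
PH1_DH = {"1", "2", "14"}
PH2_AUTH = {"hmac-md5", "hmac-sha1", "hmac-sha256", "hmac-sha384", "hmac-sha512"}
PH2_ENC = {"null", "des", "3des", "aes128", "aes192", "aes256"}
PH2_PFS = {"none", "1", "2", "14"}
LIFETIME = (300, 172800)  # seconds, for both ph1 and ph2 validity periods

# Accepted by msh but flagged here (assumption: reviewer policy, not from the guide).
WEAK = {"md5", "sha1", "des", "3des", "null", "hmac-md5", "hmac-sha1"}
WEAK_DH = {"1", "2", "none"}


@dataclass
class IkeSetting:
    number: str = "1"          # "1".."4" or "default"
    family: str = "ipv4"       # ipv4 | ipv6 (| any, default setting only)
    local: str = ""            # address[/masklen], settings 1-4 only
    remote: str = ""
    proc: str = "apply"
    proto: str = "esp"
    level: str = "require"
    mode: str = "transport"
    tunnel: tuple = ()         # (beginning, ending) tunnel end point addresses
    auth: str = "psk"
    psk: str = ""
    ph1_hash: str = "sha256"
    ph1_encrypt: str = "aes256"
    ph1_dhgroup: str = "14"
    ph1_lifetime: int = 28800
    ph2_auth: list = field(default_factory=lambda: ["hmac-sha256"])
    ph2_encrypt: list = field(default_factory=lambda: ["aes256"])
    ph2_pfs: str = "14"
    ph2_lifetime: int = 3600


def _member(value, allowed, label):
    if value not in allowed:
        raise ValueError(f"{label}: {value!r} not in {sorted(allowed)}")


def _address(text, family, label):
    # ip_network enforces the guide's masklen ranges (/0-32 for IPv4, /0-128 for IPv6)
    # and accepts a bare address as well.
    net = ipaddress.ip_network(text, strict=False)
    if (family == "ipv4") != (net.version == 4):
        raise ValueError(f"{label}: {text} is not an {family} address")


def validate(s: IkeSetting) -> list:
    """Raise ValueError on anything outside the guide's syntax; return weak-choice warnings."""
    if s.number == "default":
        _member(s.family, {"ipv4", "ipv6", "any"}, "address type")
        if s.local or s.remote:
            raise ValueError("the default setting takes no local/remote address")
    else:
        _member(s.number, {"1", "2", "3", "4"}, "setting number")
        _member(s.family, {"ipv4", "ipv6"}, "address type")
        if not (s.local and s.remote):
            raise ValueError("settings 1-4 need both a local and a remote address")
        _address(s.local, s.family, "local address")
        _address(s.remote, s.family, "remote address")
    for value, allowed, label in [
        (s.proc, PROC, "proc"), (s.proto, PROTO, "proto"), (s.level, LEVEL, "level"),
        (s.mode, MODE, "mode"), (s.auth, AUTH, "auth"), (s.ph1_hash, PH1_HASH, "ph1 hash"),
        (s.ph1_encrypt, PH1_ENC, "ph1 encrypt"), (s.ph1_dhgroup, PH1_DH, "ph1 dhgroup"),
        (s.ph2_pfs, PH2_PFS, "ph2 pfs"),
    ]:
        _member(value, allowed, label)
    for value in s.ph2_auth:
        _member(value, PH2_AUTH, "ph2 auth")
    for value in s.ph2_encrypt:
        _member(value, PH2_ENC, "ph2 encrypt")
    if s.mode == "tunnel" and s.family == "any":  # guide: [tunnel] not usable with [any]
        raise ValueError("tunnel mode cannot be combined with address type any")
    for endpoint in s.tunnel:
        ipaddress.ip_address(endpoint)            # tunnel end points must be plain addresses
    if s.auth == "psk" and not (s.psk and s.psk.isascii()):  # guide: PSK mandatory, ASCII
        raise ValueError("auth psk requires a non-empty ASCII PSK character string")
    for value, label in [(s.ph1_lifetime, "ph1"), (s.ph2_lifetime, "ph2")]:
        if not LIFETIME[0] <= value <= LIFETIME[1]:
            raise ValueError(f"{label} lifetime {value} outside {LIFETIME[0]}-{LIFETIME[1]} s")
    algs = [s.ph1_hash, s.ph1_encrypt, *s.ph2_auth, *s.ph2_encrypt]
    warnings = [f"weak algorithm: {a}" for a in algs if a in WEAK]
    warnings += [f"weak DH group: {g}" for g in (s.ph1_dhgroup, s.ph2_pfs) if g in WEAK_DH]
    if s.level == "use":
        warnings.append("level use: traffic falls back to cleartext when IPsec is unavailable")
    return warnings


def build_commands(s: IkeSetting) -> list:
    """Return the msh command lines for one setting, in the order the guide lists them."""
    validate(s)
    head = f"ipsec ike {s.number}"
    cmds = [f"{head} {s.family}" if s.number == "default"
            else f'{head} {s.family} "{s.local}" "{s.remote}"']
    cmds += [f"{head} proc {s.proc}", f"{head} proto {s.proto}",
             f"{head} level {s.level}", f"{head} mode {s.mode}"]
    if s.mode == "tunnel" and s.tunnel:
        cmds.append(f'{head} tunneladdr "{s.tunnel[0]}" "{s.tunnel[1]}"')
    cmds.append(f"{head} auth {s.auth}")
    if s.auth == "psk":
        cmds.append(f'{head} psk "{s.psk}"')
    cmds += [f"{head} ph1 hash {s.ph1_hash}", f"{head} ph1 encrypt {s.ph1_encrypt}",
             f"{head} ph1 dhgroup {s.ph1_dhgroup}", f"{head} ph1 lifetime {s.ph1_lifetime}",
             f"{head} ph2 auth {','.join(s.ph2_auth)}",      # comma-separated, priority order
             f"{head} ph2 encrypt {','.join(s.ph2_encrypt)}",
             f"{head} ph2 pfs {s.ph2_pfs}", f"{head} ph2 lifetime {s.ph2_lifetime}"]
    return cmds


if __name__ == "__main__":
    # Constructed example: printer 192.0.2.10 accepts only ESP-protected traffic from 192.0.2.20.
    setting = IkeSetting(number="1", family="ipv4", local="192.0.2.10/32",
                         remote="192.0.2.20/32", psk="example-psk-change-me")
    for line in build_commands(setting):
        print("msh>", line)
    print("warnings:", validate(setting))
```

Because the command lines are returned as a list rather than printed, the same script can be used to review an exported configuration: feed it the values read back with "ipsec ike 1" and inspect the warnings before deciding whether the setting still meets policy.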