Skip to content

ipsec-profile

The following operations can be performed on "ipsec-profile":

show| rm| add|

show ipsec profile

Display all of the configured ipsec peers

Synopsis

show ipsec profile []

Arguments

name The name of the ipsec profile

Output

ikeVersion IKE Protocol Version

encAlgo Type of encryption algorithm.

hashAlgo Type of hashing algorithm

lifetime Lifetime of IKE SA in seconds. Lifetime of IPSec SA will be (lifetime of IKE SA/8)

livenessCheckInterval Number of seconds after which a notify payload is sent to check the liveliness of the peer. Additional retries are done as per retransmit interval setting. Zero value disables liveliness checks.

replayWindowSize IPSec Replay window size for the data traffic

retransmissiontime The interval in seconds to retry sending the IKE messages to peer, three consecutive attempts are done with doubled interval after every failure.

psk Pre shared key value

publickey Public key file path

privatekey Private key file path

peerPublicKey Peer public key file path

ikeRetryInterval IKE retry interval for bringing up the connection

perfectForwardSecrecy Enable/Disable PFS.

responderOnly Responder Only config for IKED.

builtin Indicates that a variable is a built-in (SYSTEM INTERNAL) type.

feature The feature to be checked while applying this config

devno count stateflag

Example

show ipsec profile

rm ipsec profile

Remove an ipsec peer

Synopsis

rm ipsec profile

Arguments

name The name of the ipsec profile.

Example

rm ipsec profile

add ipsec profile

Add an ipsec profile.

Synopsis

add ipsec profile [-ikeVersion ( V1 | V2 )] [-encAlgo ...] [-hashAlgo ...] [-lifetime ] (-psk | (-publickey -privatekey -peerPublicKey )) [-livenessCheckInterval ] [-replayWindowSize ] [-ikeRetryInterval ] [-retransmissiontime ] [-perfectForwardSecrecy ( ENABLE | DISABLE )]

Arguments

name The name of the ipsec profile

ikeVersion IKE Protocol Version

Possible values: V1, V2

encAlgo Type of encryption algorithm (Note: Selection of AES enables AES128)

hashAlgo Type of hashing algorithm

lifetime Lifetime of IKE SA in seconds. Lifetime of IPSec SA will be (lifetime of IKE SA/8) Minimum value: 480 Maximum value: 31536000

psk Pre shared key value

publickey Public key file path

privatekey Private key file path

peerPublicKey Peer public key file path

livenessCheckInterval Number of seconds after which a notify payload is sent to check the liveliness of the peer. Additional retries are done as per retransmit interval setting. Zero value disables liveliness checks. Minimum value: 0 Maximum value: 64999

replayWindowSize IPSec Replay window size for the data traffic Minimum value: 0 Maximum value: 16384

ikeRetryInterval IKE retry interval for bringing up the connection Minimum value: 60 Maximum value: 3600

retransmissiontime The interval in seconds to retry sending the IKE messages to peer, three consecutive attempts are done with doubled interval after every failure. Minimum value: 1 Maximum value: 99

perfectForwardSecrecy Enable/Disable PFS.

Possible values: ENABLE, DISABLE

Was this article helpful?