Skip to content
Was this article helpful?

ipsec parameter

The following operations can be performed on "ipsec parameter":

set | unset | show

set ipsec parameter

Set global parameters for IPSEC

Synopsys

set ipsec parameter [-ikeVersion ( V1 | V2 )] [-encAlgo ( AES | 3DES ) ...] [-hashAlgo <hashAlgo> ...] [-lifetime <positive_integer>] [-livenessCheckInterval <positive_integer>] [-replayWindowSize <positive_integer>] [-ikeRetryInterval <positive_integer>] [-perfectForwardSecrecy ( ENABLE | DISABLE )] [-retransmissiontime <positive_integer>]

Arguments

ikeVersion

IKE Protocol Version

Possible values: V1, V2

Default value: V2

encAlgo

Type of encryption algorithm

Default value: AES

hashAlgo

Type of hashing algorithm

Default value: HMAC_SHA256

lifetime

Lifetime of IKE SA in seconds. Lifetime of IPSec SA will be (lifetime of IKE SA/8)

Minimum value: 480

Maximum value: 31536000

livenessCheckInterval

Number of seconds after which a notify payload is sent to check the liveliness of the peer. Additional retries are done as per retransmit interval setting. Zero value disables liveliness checks.

Minimum value: 0

Maximum value: 64999

replayWindowSize

IPSec Replay window size for the data traffic

Minimum value: 0

Maximum value: 16384

ikeRetryInterval

IKE retry interval for bringing up the connection

Minimum value: 60

Maximum value: 3600

perfectForwardSecrecy

Enable/Disable PFS.

Possible values: ENABLE, DISABLE

Default value: DISABLE

retransmissiontime

The interval in seconds to retry sending the IKE messages to peer, three consecutive attempts are done with doubled interval after every failure,

increases for every retransmit till 6 retransmits.

Minimum value: 1

Maximum value: 99

unset ipsec parameter

Set global parameters for IPSEC.Refer to the set ipsec parameter command for meanings of the arguments.

Synopsys

unset ipsec parameter [-ikeVersion] [-encAlgo] [-hashAlgo] [-lifetime] [-livenessCheckInterval] [-replayWindowSize] [-ikeRetryInterval] [-perfectForwardSecrecy] [-retransmissiontime]

show ipsec parameter

Show global parameters for IPSEC

Synopsys

show ipsec parameter

Outputs

ikeVersion

IKE Protocol Version

encAlgo

Type of encryption algorithm

hashAlgo

Type of hashing algorithm

lifetime

Lifetime of IKE SA in seconds. Lifetime of IPSec SA will be (lifetime of IKE SA/8)

livenessCheckInterval

Number of seconds after which a notify payload is sent to check the liveliness of the peer. Additional retries are done as per retransmit interval setting. Zero value disables liveliness checks.

replayWindowSize

IPSec Replay window size for the data traffic

ikeRetryInterval

IKE retry interval for bringing up the connection

perfectForwardSecrecy

Enable/Disable PFS.

retransmissiontime

The interval in seconds to retry sending the IKE messages to peer, three consecutive attempts are done with doubled interval after every failure,

increases for every retransmit till 6 retransmits.

Was this article helpful?