ZyXEL Communications 3.1 User Manual

 Chapter 17 IPSec VPN

ZyWALL (ZLD) CLI Reference Guide

This table lists the additional commands for IPSec SAs using manual keys (VPN connections using 
manual keys).

This table lists the commands for the VPN concentrator.

crypto map Commands: IPSec SAs (Manual Keys)

crypto map map_name

set session-key {ah <256..4095> 

auth_key | esp <256..4095> [cipher 

enc_key] authenticator auth_key}

Sets the active protocol, SPI (<256..4095>), authentication key and 
encryption key (if any).

: You can use any alphanumeric characters or 

,;|`~!@#$%^&*()_+\{}':./<>=-"

.

 

The length of the key depends on 

the algorithm.

md5 - 16-20 characters

sha - 20 characters

sha256 - 32 characters 

sha512 - 64 characters

: You can use any alphanumeric characters or 

,;|`~!@#$%^&*()_+\{}':./<>=-"

. The length of the key depends on 

the algorithm.

des - 8-32 characters

3des - 24-32 characters

aes128 - 16-32 characters

aes192 - 24-32 characters

aes256 - 32 characters

If you want to enter the key in hexadecimal, type “0x” at the beginning 
of the key. For example, "0x0123456789ABCDEF" is in hexadecimal 
format; in “0123456789ABCDEF” is in ASCII format. If you use 
hexadecimal, you must enter twice as many characters.

The ZyWALL automatically ignores any characters above the minimum 
number of characters required by the algorithm. For example, if you 
enter 

1234567890XYZ

 for a DES encryption key, the ZyWALL only 

uses 

12345678

. The ZyWALL still stores the longer key.

local-ip ip

Sets the local gateway address to the specified IP address.

peer-ip ip

Sets the remote gateway address to the specified IP address.

vpn-concentrator Commands: VPN Concentrator

show vpn-concentrator [profile_name]

Shows the specified VPN concentrator or all VPN concentrators.

[no] vpn-concentrator profile_name

Creates the specified VPN concentrator if necessary and enters sub-command 
mode. The 

no

 command deletes the specified VPN concentrator.