ZyXEL Communications 4.04 User Manual
ZyWALL (ZyNOS) CLI Reference Guide
121
C
H A P T E R
1 6
IPSec Commands
Use these commands to configure IPSec settings on the ZyWALL.
16.1 Command Summary
The following table describes the values required for many commands. Other values are
discussed with the corresponding commands.
discussed with the corresponding commands.
The following section lists the commands for this feature.
Table 60 BM Class Command Input Values
LABEL
DESCRIPTION
<interface>
This is an interface name including lan, wan/wan1, dmz, wan2, wlan.
Table 61 Ipsec Commands
COMMAND
DESCRIPTION
M
ipsec debug type
<0:Disable|1:Original <on|off>|2:IKE
<on|off>|3:IPSec [SPI]
<on|off>|4:XAUTH <on|off>|5:CERT
<on|off>|6:All>
Controls whether the specified debugging
information is displayed on the console.
information is displayed on the console.
R+B
ipsec debug level
<0:None|1:User|2:Low|3:High>
Sets the debugging level. The higher the number
specified, the more detail displays.
specified, the more detail displays.
R+B
ipsec debug display
Displays all debugging settings.
R+B
ipsec route <interface> [on|off]
After IPSec processes a packet that will be sent to
the specified interface, this switch controls whether
or not the packets can be forwarded to another
IPSec tunnel.
the specified interface, this switch controls whether
or not the packets can be forwarded to another
IPSec tunnel.
R
ipsec show_runtime sa
Displays active IKE and IPSec SAs.
R+B
ipsec show_runtime spd
Displays the local and remote network address
pairs used to differentiate the connected dynamic
VPN tunnels.
pairs used to differentiate the connected dynamic
VPN tunnels.
R+B
ipsec show_runtime list
Displays active VPN tunnels.
R+B
ipsec timer chk_conn <time>
The ZyWALL disconnects a VPN tunnel if there is
no reply traffic for this number of minutes. This is
also called the output idle timer.
no reply traffic for this number of minutes. This is
also called the output idle timer.
time
: 120~3600 seconds. The default is 120
seconds.
R+B