ZyXEL Communications 4.04 User Manual

Chapter 16 IPSec Commands
ZyWALL (ZyNOS) CLI Reference Guide
16.4  Command Examples
This example adds an IKE rule as follows.
• IKE Rule Name: VPN-ph1
• My IP Address: 10.1.1.1
• Secure Gateway Address: 10.1.1.2
• Authentication: Pre-Shared Key
• Pre-Shared Key: 12345678
ras> ipsec ikeAdd
ras> ipsec ikeConfig name VPN-ph1
ras> ipsec ikeConfig myIpAddr 10.1.1.1
ras> ipsec ikeConfig secureGwAddr 10.1.1.2
ras> ipsec ikeConfig authMethod 0
ras> ipsec ikeConfig preShareKey 12345678
ras> ipsec ikeSave
ras> ipsec ikeList
Configure IKE number 1
Idx SPD Name                 Flags MyIP            SecureGW
===============================================================================
  1   0 VPN-ph1                  3 10.1.1.1         10.1.1.2

This example enables VPN HA on an existing IKE rule.
Note: You need to load an IKE rule first by ikeAdd or ikeEdit before you configure IKE settings.
• IKE Rule index: 1
• The redundant secure gateway IP: 10.1.1.5
• Fall back detection: Enable
• The time interval for fall back detection: 180 seconds
• DPD for fail over detection: Enable
• Output idle Timeout for fail over detection: Enable
ras> ipsec ikeEdit 1
ras> ipsec ikeConfig ha enable on
ras> ipsec ikeConfig ha redunSecGwAddr 10.1.1.5
ras> ipsec ikeConfig ha fallback enable on
ras> ipsec ikeConfig ha fallback interval 180
ras> ipsec ikeConfig ha failover dpd on
ras> ipsec ikeConfig ha failover outputIdleTime on
ras> ipsec ikeConfig ha failover display
Fail over detection methods:
Output Idle Time: Yes
DPD: Yes
Ping Check: No
ras> ipsec ikeSave
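
An added example, not part of the ZyXEL guide: a Python check that walks a saved CLI transcript of the commands above and flags ikeConfig lines issued before ikeAdd or ikeEdit (the rule in the note), settings never followed by ikeSave, and pre-shared keys such as the sample 12345678 that fail a length and character-class policy. The 16-character minimum and the two-class rule are assumed local policy, not ZyNOS limits, and the transcript is constructed from commands shown on this page.

```python
import re

# Constructed sample: command lines taken from the examples on this page.
TRANSCRIPT = """\
ras> ipsec ikeAdd
ras> ipsec ikeConfig name VPN-ph1
ras> ipsec ikeConfig preShareKey 12345678
ras> ipsec ikeSave
ras> ipsec ikeEdit 1
ras> ipsec ikeConfig ha enable on
ras> ipsec ikeConfig ha failover display
ras> ipsec ikeSave
"""

MIN_PSK_LEN = 16  # assumption: local policy threshold, not a ZyNOS limit

def psk_problems(key):
    """Return reasons a pre-shared key fails the (assumed) local policy."""
    reasons = []
    if len(key) < MIN_PSK_LEN:
        reasons.append(f"shorter than {MIN_PSK_LEN} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, key)) for c in classes) < 2:
        reasons.append("single character class")
    return reasons

def audit(transcript):
    """Walk 'ras> ipsec ...' lines and return (line_no, finding) tuples."""
    findings, loaded, dirty_line = [], False, None
    for no, line in enumerate(transcript.splitlines(), 1):
        m = re.match(r"\s*ras>\s+ipsec\s+(\S+)\s*(.*)", line)
        if not m:
            continue  # command output or blank line
        cmd, args = m.group(1), m.group(2).split()
        if cmd in ("ikeAdd", "ikeEdit"):
            loaded = True  # a rule is now loaded for ikeConfig
        elif cmd == "ikeSave":
            dirty_line = None  # pending settings were written
        elif cmd == "ikeConfig":
            if not loaded:
                findings.append((no, "ikeConfig before ikeAdd/ikeEdit"))
            if args[:1] == ["preShareKey"]:  # report reasons only, never the key
                for r in psk_problems(args[1] if len(args) > 1 else ""):
                    findings.append((no, f"preShareKey {r}"))
            if args[-1:] != ["display"]:  # display only reads settings
                dirty_line = dirty_line or no
    if dirty_line:
        findings.append((dirty_line, "changes not followed by ikeSave"))
    return findings
```

Calling audit(TRANSCRIPT) reports two findings, both on the preShareKey line; the rest of the sequence passes the ordering and save checks.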