ZyXEL Communications n/a Manual De Usuario
DSL & IAD CLI Reference Guide
89
C
H A P T E R
1 4
IPSec Commands
Use these commands to configure IPSec settings on the ZyXEL Device.
14.1 Command Summary
The following section lists the commands for this feature.
Table 34 IPSec Commands
COMMAND
DESCRIPTION
ipsec debug [on|off]
Enables or disables the trace for IPSec debugging
information.
information.
ipsec route dmz [on|off]
After IPSec processes a packet that will be sent to the
DMZ, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
DMZ, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
ipsec route lan [on|off]
After IPSec processes a packet that will be sent to the
LAN, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
LAN, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
ipsec route wan [on|off]
After IPSec processes a packet that will be sent to the
WAN, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
WAN, this ZyXEL Device controls whether or not the
packets can be forwarded to another IPSec tunnel.
ipsec show_runtime sa
Displays active IKE and IPSec SAs.
ipsec show_runtime spd
Displays the local and remote network address pairs used
to differentiate the connected dynamic VPN tunnels.
to differentiate the connected dynamic VPN tunnels.
ipsec switch <on|off>
Enables or disables all IPSec rules. The setting resets to
off after the ZyXEL Device restarts.
off after the ZyXEL Device restarts.
ipsec timer chk_my_ip <1~3600>
Sets the interval (in seconds) for checking if the ZyXEL
Device’s WAN IP address has changed
Device’s WAN IP address has changed
ipsec timer chk_conn <0~255>
The ZyXEL Device disconnects a VPN tunnel if there is no
reply traffic for this number of minutes. 0 disables the
check.
reply traffic for this number of minutes. 0 disables the
check.
ipsec timer update_peer <0~255>
For IPSec rules with a domain name as the local or remote
gateway address, this command sets the interval (in
minutes) for resolving the domain name and updating the
rules. 0 disables the updates.
gateway address, this command sets the interval (in
minutes) for resolving the domain name and updating the
rules. 0 disables the updates.
ipsec timer chk_input <0~255>
The ZyXEL Device disconnects any IPSec connection that
has no inbound traffic for
has no inbound traffic for
this number of minutes. 0
disables the check (this is the default setting).
ipsec updatePeerIp
If you use a domain name as the local or remote gateway
address, this command forces the ZyXEL Device to
resolve the domain name and update the IPSec rules right
away.
address, this command forces the ZyXEL Device to
resolve the domain name and update the IPSec rules right
away.