Nortel Networks 608(WL) User Manual

Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
4.5.4 Set the Connection Security Descriptor Parameters
modify command
The ipsec connection descriptor modify command sets or modifies the connection descriptor parameters.
Example
In this example, the parameters of the previously defined Connection Security 
Descriptor cnctdes1 are set to the following values:
crypto = AES
key length = 128
integrity = HMAC-MD5
Perfect Forward Secrecy = disabled
lifetime secs = 3600
lifetime kbytes = 10000
Encapsulation mode = tunnel mode  
The Descriptors must match at both tunnel ends in order to have a 
successful outcome of the Phase 2 negotiation.
[ipsec connection descriptor]=>modify
name = cnctdes1
[crypto] =
DES
3DES
AES
NULL
[crypto] = AES
keylen =
128
192
256
keylen = 128
[integrity] =
HMAC-MD5
HMAC-SHA1
[integrity] = HMAC-MD5
[pfs] = disabled
[lifetime_secs] = 3600
[lifetime_kbytes] = 10000
[encapsulation] = tunnel
:ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=128
integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000
[ipsec connection descriptor]=>
The parameters of the pre-defined descriptors can also be changed with the 
modify command. Use this feature, for example, if you want to change only the 
lifetime parameter.
The descriptors must match at both peers in order to have a successful 
outcome of the Phase 2 negotiation.
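
One way to check the matching requirement before bringing the tunnel up, as an added example that is not part of the original manual: the script parses the saved modify command from each peer and lists every Phase 2 parameter that differs. The peer descriptor peerdes1 and its values are constructed, and treating the descriptor name as a local label and values as case-insensitive are assumptions.

```python
PREFIX = ":ipsec connection descriptor modify"
# Parameters prompted for in the modify session shown above.
FIELDS = ("crypto", "keylen", "integrity", "pfs",
          "lifetime_secs", "lifetime_kbytes", "encapsulation")


def parse_descriptor(command: str) -> dict:
    """Parse one saved modify command (possibly line-wrapped) into a dict."""
    text = " ".join(command.split())  # undo the line wrapping seen in the manual
    if not text.startswith(PREFIX):
        raise ValueError("not a connection descriptor modify command")
    params = {}
    for token in text[len(PREFIX):].split():
        key, sep, value = token.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed parameter: {token!r}")
        params[key] = value
    return params


def phase2_mismatches(local: dict, remote: dict) -> list:
    """Return (field, local_value, remote_value) for every differing field."""
    diffs = []
    for field in FIELDS:
        # A parameter left off the command line is reported as "<omitted>"
        # so the operator can confirm what the device actually uses.
        a = local.get(field, "<omitted>")
        b = remote.get(field, "<omitted>")
        if a.lower() != b.lower():  # ASSUMPTION: values are case-insensitive
            diffs.append((field, a, b))
    return diffs  # "name" is not compared (ASSUMPTION: it is a local label)


# Constructed sample input: the command from this page and a hypothetical peer.
LOCAL = """:ipsec connection descriptor modify name=cnctdes1 crypto=AES keylen=128
integrity=HMAC-MD5 lifetime_secs=3600 lifetime_kbytes=10000"""
REMOTE = """:ipsec connection descriptor modify name=peerdes1 crypto=AES keylen=256
integrity=HMAC-SHA1 lifetime_secs=3600 lifetime_kbytes=10000"""

if __name__ == "__main__":
    for field, a, b in phase2_mismatches(parse_descriptor(LOCAL),
                                         parse_descriptor(REMOTE)):
        print(f"{field}: local={a} remote={b}")
```

An empty result means the two descriptors agree on every listed parameter.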