Nortel Networks 608(WL) 사용자 설명서
Chapter 4
Configuration via the Command Line Interface
E-DOC-CTC-20051017-0169 v0.1
116
4.3.4 Set or Modify the Peer Descriptor Parameters
modify command
The
ipsec peer descriptor modify
command sets or modifies the Peer
Security Descriptor parameters.
Example
In this example, the parameters of the previously defined Peer Security Descriptor
peerdes1 are set to the following values:
peerdes1 are set to the following values:
crypto = AES
keylen = 128
integrity = MD5
group = MODP1536
lifetime secs = 84600
[ipsec peer descriptor]=>modify
name = peerdes1
[crypto] =
DES
name = peerdes1
[crypto] =
DES
3DES
AES
[crypto] = AES
keylen =
128
keylen =
128
192
256
keylen = 128
[integrity] =
MD5
[integrity] =
MD5
SHA1
[integrity] = MD5
[group] =
MODP768
[group] =
MODP768
MODP1024
MODP1536
[group] = MODP1536
[lifetime_secs] = 84600
:IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128
integrity=MD5 group=MODP1536 lifetime_secs=84600
[ipsec peer descriptor]=>
[lifetime_secs] = 84600
:IPSec peer descriptor modify name=peerdes1 crypto=AES keylen=128
integrity=MD5 group=MODP1536 lifetime_secs=84600
[ipsec peer descriptor]=>
The parameters of the pre-defined descriptors can also be changed with the
modify command. Use this feature for example if you want to change the
lifetime parameter only.
modify command. Use this feature for example if you want to change the
lifetime parameter only.
The descriptors must match at both peers in order to have a successful
outcome of the Phase 1 negotiation.
outcome of the Phase 1 negotiation.