Nortel 4134 用户指南
128
IPsec VPN configuration
crypto
3
To specify the IKE policy to configure, enter:
ike policy <policy-name> <peer-address>
4
To select the IKE proposal to configure, enter:
proposal <priority>
5
To configure lifetime, enter:
lifetime {kilobytes <300-4194303> | seconds
<300-864000>}
—End—
Table 54
Variable definitions
Variable definitions
Variable
Value
kilobytes <300-419430
3>
3>
Specifies the volume of traffic (in kilobytes) that can
pass between IPsec peers using the given IKE SA
before that SA expires. Default: unlimited.
pass between IPsec peers using the given IKE SA
before that SA expires. Default: unlimited.
seconds <300-864000>
Specifies the number of seconds the IKE SA runs
before expiring. Default: 86400 seconds (24 hours).
before expiring. Default: 86400 seconds (24 hours).
Configuring OCSP for the IKE policy
Enable OCSP to configure the router to contact the CA for verification of the
status of any certificate that the router receives.
status of any certificate that the router receives.
Procedure steps
Step
Action
1
To enter the configuration mode, enter:
configure terminal
2
To specify crypto configuration for IPsec and IKE, enter:
crypto
3
To specify the IKE policy to configure, enter:
ike policy <policy-name> <peer-address>
4
To enable or disable OCSP, enter:
[no] ocsp
—End—
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.