HP X Unified Security Platform Series Guía de usuario descargar pdf (Pagina 83)

configure

X Family CLI Reference V 2.5.1 75

key

selects and configures the keying mode. Some options are only valid on the High

Encryption agent, which can be downloaded from the TMC.

manual incoming-spi spi outgoing-spi spi encryption

< des-cbc | 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 >

authentication <esp-sha1-hmac | esp-md5-hmac | ah-md5 | ah-sha1>

encryption-key key auth-key key

configures manual mode.

ike proposal proposal-name [shared-secret secret] [ peer-id id]

configures IKE proposal. If included, the shared secret must be at least 8

characters long.

negotiate

starts negotiation of the tunnel.

peer ip

configures the IP address of the terminating VPN unit or network device (the

remote target of the VPN link).

transport < enable | disable >

enables or disables transport mode. Use this if you are using L2TP or if you are

configuring a Security Association to use with a GRE interface.

tunnel

controls tunneling.

disable

disables tunneling.

enable

enables tunneling.

local < default-route | dhcp | group group-name |

subnet ip netmask netmask | range ip1 ip2 >

select the source IP addresses that are allowed to use this IPSec tunnel by

specifying an IP address group, subnet, or range. You should use an IP address

group that contains all the source IP addresses of devices that can use the IPSec

tunnel.

Choose default-route if the remote IPSec peer uses this IPSec tunnel as its

default route. Choose dhcp if the local network devices receive IP addresses by

DHCP over this IPSec tunnel. DHCP relay must first be configured to use this

tunnel before selecting this option.

nat < disable | ip >

enables or disables NAT tunneling.

1 2 ... 78 79 80 81 82 83 84 85 86 87 88 ... 141 142

Sin comentarios

HP X Unified Security Platform Series Guía de usuario Pagina 83