freeGuard 100 CLI User Manual
261
• Enter dialup to authenticate dialup VPN clients that use
unique peer IDs. In this case, you must create a group of
dialup users for authentication purposes. Use the usrgrp
keyword to set the user group name.
• Enter peer to authenticate one or more certificate holders
that use the same certificate. Use the peer keyword to enter
the certificate name.
• Enter peergrp to authenticate certificate holders that use
unique certificates. In this case, you must create a group of
certificate holders for authentication purposes. Use the
peergrp keyword to set the certificate group name.
proposal {3des-md5
3des-sha1 aes128-
md5 aes128-sha1
aes192-md5 aes192-
sha1 aes256-md5
aes256-sha1 des-md5
des-sha1}
Select a minimum of one and a maximum of three
encryption-message digest combinations for the Phase 1
proposal (for example,3des-md5). The remote peer must be
configured to use at least one of the proposals that you
define. Use a space to separate the combinations. You can
select any of the following symmetric-key encryption
algorithms:
• null-Do not use an encryption algorithm.
• des-Digital Encryption Standard, a 64-bit block algorithm
that uses a 56-bit key.
• 3des-Triple-DES, in which plain text is encrypted three
times by three keys.
• aes128-A 128-bit block algorithm that uses a 128-bit key.
• aes192-A 128-bit block algorithm that uses a 192-bit key.
• aes256-A 128-bit block algorithm that uses a 256-bit key.
You can select either of the following message digests to
check the authenticity of messages during an encrypted
session:
• null-Do not use a message digest.
• md5-Message Digest 5, the hash algorithm developed by
RSA Data Security.
• sha1-Secure Hash Algorithm 1, which produces a 160-bit
message digest.
No default.
psksecret
<password_str>
Enter the pre-shared key if authmethod is set to psk. The
pre-shared key must be the same on the remote VPN
gateway or client and should only be known by network
administrators. The key must consist of at least 6 printable
characters. For optimum protection against currently known
attacks, the key should consist of a minimum of 16 randomly
chosen alphanumeric characters.
No default.
remotegw
<address_ipv4>
Enter the static IP address of the remote VPN peer when
type is set to static.
0.0.0.0
Summary of Contents for freeGuard 100
Page 1: ...freeGuard 100 UTM Firewall CLI USER S MANUAL P N F0025000 Rev 1 1...
Page 3: ......
Page 7: ......
Page 87: ...80 The config ips anomaly command has 1 subcommand config limit...
Page 183: ...176...