Chapter 40 IPSec VPN
UAG CLI Reference Guide
Table 120 Input Values for IPSec VPN Commands (continued)

LABEL                 DESCRIPTION
distinguished_name    A domain name. You can use up to 511 alphanumeric characters,
                      spaces, or .@=,_- characters.
sort_order            Sort the list of currently connected SAs by one of the following
                      classifications: algorithm, encapsulation, inbound, name,
                      outbound, policy, timeout, uptime.

The following sections list the IPSec VPN commands.

40.2.1 IKE SA Commands

This table lists the commands for IKE SAs (VPN gateways).

Table 121 isakmp Commands: IKE SAs

COMMAND                                 DESCRIPTION
show isakmp keepalive                   Displays the Dead Peer Detection period.
show isakmp policy [policy_name]        Shows the specified IKE SA or all IKE SAs.
isakmp keepalive <2..60>                Sets the Dead Peer Detection period.
[no] isakmp policy policy_name          Creates the specified IKE SA if necessary and enters
                                        sub-command mode. The no command deletes the specified
                                        IKE SA.
activate                                Activates or deactivates the specified IKE SA.
deactivate
authentication {pre-share | rsa-sig}    Specifies whether to use a pre-shared key or a
                                        certificate for authentication.
certificate certificate-name            Sets the certificate that can be used for
                                        authentication.
[no] dpd                                Enables Dead Peer Detection (DPD). The no command
                                        disables DPD.
                                        DPD allows the UAG to make sure the remote IPSec device
                                        is there before transmitting data through the IKE SA.
dpd-interval <15..60>                   Sets how often (in seconds) the UAG checks if the remote
                                        IPSec device is available. If there has been no traffic
                                        from the remote IPSec device during the specified time
                                        interval, the UAG sends a message to the remote IPSec
                                        device. If it responds, the UAG transmits the data. If
                                        it does not respond, the UAG shuts down the IKE SA.
[no] fall-back                          If the connection to the primary address goes down and
                                        the UAG changes to using the secondary connection, set
                                        this to have the UAG reconnect to the primary address
                                        when it becomes available again and stop using the
                                        secondary connection.
                                        Users will lose their VPN connection briefly while the
                                        UAG changes back to the primary connection. To use this,
                                        the peer device at the secondary address cannot be set
                                        to use a nailed-up VPN connection.
fall-back-check-interval <60..86400>    Sets how often (in seconds) the UAG checks if the
                                        primary address is available.
mode {main | aggressive}                Sets the negotiating mode.
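
The following check is an added example, not part of the UAG guide or Zyxel code: it reads a script of the commands from Table 121, validates each value against the ranges and keywords in the table, and flags an IKE SA that combines aggressive mode with a pre-shared key. The sample script, the policy name BRANCH, and the use of "exit" to leave sub-command mode are assumptions.

```python
import re

# Ranges and keywords exactly as listed in Table 121 above.
RANGES = {"isakmp keepalive": (2, 60), "dpd-interval": (15, 60),
          "fall-back-check-interval": (60, 86400)}
ENUMS = {"authentication": ("pre-share", "rsa-sig"), "mode": ("main", "aggressive")}
SUBCOMMANDS = {"dpd-interval", "fall-back-check-interval", *ENUMS}

def lint(script):
    """Return sorted (line_no, message) findings for a script of isakmp commands."""
    findings, policy = [], None  # policy: settings of the IKE SA being edited
    def close_policy():
        # In IKEv1 aggressive mode the responder sends its authentication hash before
        # the initiator has proven its identity, so a pre-shared key can be guessed offline.
        if policy and policy.get("mode") == "aggressive" \
                and policy.get("authentication") == "pre-share":
            findings.append((policy["line"], "aggressive mode with pre-shared key"))

    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        m = re.fullmatch(r"isakmp policy (\S+)", line)
        if m or line == "exit":  # "exit" leaving sub-command mode is an assumption
            close_policy()
            policy = {"line": no} if m else None
            continue
        m = re.fullmatch(r"(isakmp keepalive|[a-z-]+) (\S+)", line)
        if not m:
            continue  # blank lines and commands this check does not cover
        key, value = m.groups()
        if key in SUBCOMMANDS and policy is None:
            findings.append((no, f"{key} used outside isakmp policy sub-command mode"))
        elif key in RANGES:
            lo, hi = RANGES[key]
            if not value.isdigit() or not lo <= int(value) <= hi:
                findings.append((no, f"{key} {value}: allowed range is {lo}..{hi}"))
        elif key in ENUMS and value not in ENUMS[key]:
            findings.append((no, f"{key} {value}: expected one of {ENUMS[key]}"))
        elif key in ENUMS:
            policy[key] = value
    close_policy()
    return sorted(findings)

# Constructed sample script; the policy name BRANCH is made up.
SAMPLE = "\n".join(["isakmp keepalive 90", "isakmp policy BRANCH",
                    "authentication pre-share", "mode aggressive", "dpd",
                    "dpd-interval 10", "exit", "mode main"])

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Each finding carries the script line number; the aggressive-mode finding is reported at the line that opened the policy.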