271
CONFIG Commands
set security ipsec tunnels name "123" tun-enable (on) {on | off}
This enables this particular tunnel. Currently, one tunnel is supported.
set security ipsec tunnels name "123" dest-ext-address ip-address
Specifies the IP address of the destination gateway.
set security ipsec tunnels name "123" dest-int-network ip-address
Specifies the IP address of the destination computer or internal network.
set security ipsec tunnels name "123" dest-int-netmask netmask
Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (class C subnet mask).
set security ipsec tunnels name "123" encrypt-protocol (ESP) { ESP | none }
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" auth-protocol (ESP) {AH | ESP | none}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode pre-shared-key-type (hex) {ascii | hex}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode pre-shared-key ("") {hex string}
See page 130 for details about SafeHarbour IPsec tunnel capability.
Example: 0x1234
set security ipsec tunnels name "123" IKE-mode neg-method {main | aggressive}
See page 130 for details about SafeHarbour IPsec tunnel capability.
Note: Aggressive Mode is a little faster, but it does not provide identity protection for the negotiating nodes.
set security ipsec tunnels name "123" IKE-mode DH-group (1) { 1 | 2 | 5}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode isakmp-SA-encrypt (DES) { DES | 3DES }
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode ipsec-mtu mtu_value
This command is supported beginning with Version 7.4.
The Maximum Transmission Unit (MTU) is a link layer restriction on the maximum number of bytes of data in a single transmission. The maximum allowable value (also the default) is 1500, and the minimum is 100.
set security ipsec tunnels name "123" IKE-mode isakmp-SA-hash (MD5) {MD5 | SHA1}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode PFS-enable { off | on }
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode invalid-spi-recovery { off | on }
Enables the Gateway to re-establish the tunnel if either the Netopia Gateway or the peer gateway is rebooted.
set security ipsec tunnels name "123" xauth enable {off | on }
Enables or disables Xauth extensions to IPsec, when IKE-mode neg-method is set to aggressive. Default is off.
set security ipsec tunnels name "123" xauth username username
Sets the Xauth username, if Xauth is enabled.
set security ipsec tunnels name "123" xauth password password
Sets the Xauth password, if Xauth is enabled.
set security ipsec tunnels name "123" nat-enable { on | off }
Enables or disables NAT on the specified IPsec tunnel. The default is off.
set security ipsec tunnels name "123" nat-pat-address ip-address
Specifies the NAT port address translation IP address for the specified IPsec tunnel.
set security ipsec tunnels name "123" local-id-type { IP-address | Subnet | Hostname | ASCII }
Specifies the NAT local ID type for the specified IPsec tunnel, when Aggressive Mode is set.
set security ipsec tunnels name "123" local-id id_value
Specifies the NAT local ID value as specified in the local-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
Note: If subnet is selected, the following two values are used instead:
set security ipsec tunnels name "123" local-id-addr ip-address
set security ipsec tunnels name "123" local-id-mask ip-mask
set security ipsec tunnels name "123" remote-id-type { IP-address | Subnet | Hostname | ASCII }
Specifies the NAT remote ID type for the specified IPsec tunnel, when Aggressive Mode is set.
set security ipsec tunnels name "123" remote-id id_value
Specifies the NAT remote ID value as specified in the remote-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
Note: If subnet is selected, the following two values are used instead:
set security ipsec tunnels name "123" remote-id-addr ip-address
set security ipsec tunnels name "123" remote-id-mask ip-mask
Internet Key Exchange (IKE) Settings
The following four IPsec parameters configure the rekeying event.
set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000}
set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000}
set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000}
set security ipsec tunnels name "123" IKE-mode ipsec-hard-seconds (86400) {60-1000000}
The soft parameters designate when the system negotiates a new key. For example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever comes first) the key will be renegotiated.
The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled. For example, 86400 seconds (24 hours) means that the renegotiation must be complete within one day.
Both ends of the tunnel set parameters, and typically they will be the same. If they are not
the same, the rekey event will happen when the longest time period expires or when the
largest amount of data has been sent.
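As an added illustration (not part of the manual or of the Netopia firmware), the following Python snippet parses the four rekey commands listed above, enforces the manual's ranges and defaults, and applies the stated rule for mismatched ends (the rekey fires at the longer time or larger byte count). It also reports when that effective rekey point falls beyond one end's hard limit, which is the case in which that end disables the tunnel before the rekey completes. The command strings and peer values are constructed samples.

```python
import re

# Defaults and allowed ranges as given in the manual for the four rekey parameters.
REKEY_PARAMS = {
    "ipsec-soft-mbytes": (1000, 1, 1_000_000),
    "ipsec-soft-seconds": (82800, 60, 1_000_000),
    "ipsec-hard-mbytes": (1200, 1, 1_000_000),
    "ipsec-hard-seconds": (86400, 60, 1_000_000),
}

CMD_RE = re.compile(
    r'^set security ipsec tunnels name "(?P<tun>[^"]+)" IKE-mode '
    r"(?P<param>ipsec-(?:soft|hard)-(?:mbytes|seconds))\s+(?P<val>\d+)$"
)


def parse_rekey_config(lines):
    """Read the rekey commands of one tunnel; unset parameters keep the manual's defaults."""
    cfg = {name: spec[0] for name, spec in REKEY_PARAMS.items()}
    for line in lines:
        m = CMD_RE.match(line.strip())
        if not m:
            continue  # other tunnel settings are ignored by this checker
        name, val = m.group("param"), int(m.group("val"))
        _, lo, hi = REKEY_PARAMS[name]
        if not lo <= val <= hi:
            raise ValueError(f"{name}={val} is outside the allowed range {lo}-{hi}")
        cfg[name] = val
    for unit in ("seconds", "mbytes"):
        if cfg[f"ipsec-soft-{unit}"] >= cfg[f"ipsec-hard-{unit}"]:
            raise ValueError(f"soft {unit} limit must be below the hard limit, "
                             "or the tunnel is disabled before the rekey completes")
    return cfg


def effective_rekey(local, remote):
    """Manual's rule for differing ends: rekey at the longer time / larger byte count.
    Returns (seconds, mbytes, warnings); a warning names each end whose hard limit
    is reached before that effective rekey point."""
    soft_s = max(local["ipsec-soft-seconds"], remote["ipsec-soft-seconds"])
    soft_mb = max(local["ipsec-soft-mbytes"], remote["ipsec-soft-mbytes"])
    warnings = []
    for side, cfg in (("local", local), ("remote", remote)):
        if soft_s >= cfg["ipsec-hard-seconds"]:
            warnings.append(f"{side}: hard-seconds {cfg['ipsec-hard-seconds']} "
                            f"expires before rekey at {soft_s} s")
        if soft_mb >= cfg["ipsec-hard-mbytes"]:
            warnings.append(f"{side}: hard-mbytes {cfg['ipsec-hard-mbytes']} "
                            f"reached before rekey at {soft_mb} MB")
    return soft_s, soft_mb, warnings
```

A peer whose soft-seconds exceeds the local hard-seconds is the typical way a "working" tunnel drops once a day.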