TMS zl Management and Configuration Guide ST.1.1.100226
A-135
Command-Line Reference
IPsec Policy Context
apply
Once you have configured all parts of the IPsec policy, you must apply the
policy. The apply command verifies that all required settings are configured
and then adds or edits the IPsec policy. (If the requirements are not met, the
command does not take effect, and an error message indicates which settings
are missing.) Enter the following command:
Syntax: apply
iras
To enable (or disable) IRAS (the assignment of IP settings to clients through
IKE Mode Config), enter the following command from the IPsec policy con-
text:
Syntax: [no] iras enable
After entering this command, you move to the IPsec IRAS context. See “IPsec
IRAS Context” on page A-144.
key-exchange-method
For the TMS zl Module’s IPsec policies, you can either use manual keys or use
IKE. To set the key exchange method, enter the following command:
Syntax: key-exchange-method <auto | manual>
After you enter this command, you move to the key exchange (manual or auto)
context. In the key exchange context, you will only be able to enter commands
to configure settings for the key exchanged method you set. See “IPsec Auto
Keys Context” on page A-138 or “IPsec Manual Keys Context” on page A-141.
anti-replay-win-size <size> TMS zl Module accepts packets with out-of-
order sequence numbers within the range
specified by the anti-replay window (32–
1024, must be a multiple of 32).
Default size, 32
copy-dscp [enable | disable <dscp
value>] df-bit-handling < copy | set |
clear >
Specifies how the TMS zl Module handles
the DSCP value and the DF bit.
When you select disable for copy-dscp, you
must set the DSCP value for the packet (0–
63).
• Copying the DSCP value is
disabled and set the value is
set to 0
• Copying the DF bit is enabled
Extended Command Option Purpose Default setting