TMS zl Management and Configuration Guide ST.1.2.100916

A-123

Command-Line Reference

IKEv1 Context

From the IKEv1 context, you can:

■ Set the IKEv1 type, local gateway, and (for a site-to-site policy) remote

gateway (page A-127)

■ Set the local and remote IDs (page A-124)

■ Set the IKEv1 mode and authentication method (page A-123)

■ Set the security parameters proposal (page A-126)

■ Configure XAUTH (page A-128)

■ Preview your IKE policy (page A-125)

■ Apply the policy (page A-123)

Note You must configure the IKEv1 type and local gateway before you can configure

the IKEv1 mode and authentication method. You must also configure the

IKEv1 type and local gateway before you configure a local or remote ID of the

IP address type.

To exit the IKEv1 context, enter the following:

Syntax: exit

If you have not applied your configuration, you will be warned that you will

lose the IKEv1 policy information and prompted to continue.

apply

Once you have configured all parts of the IKE policy, you must apply the policy.

The apply command verifies that all required settings are configured and then

adds or edits the IKEv1 policy. (If the requirements are not met, the command

does not take effect, and an error message indicates which settings are

missing.) Enter the following command:

Syntax: apply

authentication

To set the IKE authentication method, type the following command:

Syntax: authentication exchange-mode <main | aggressive> method <preshared-key

| dsa-signature | rsa-signature>

If you use preshared-key as the authentication method, you will be prompted

to input the preshared key and then to confirm (by reentering) the key, which

must be at least 12 characters. (You must ensure that this key matches the one

that is configured in the IKE policy on the remote endpoint.)