TMS zl Management and Configuration Guide ST.1.2.100916
A-162
Command-Line Reference
IPsec Policy Context
hostswitch(tms-module-<slot ID>:config)# ipsec proposal
testprop encapsulation tunnel security esp encryption
3des auth md5
hostswitch(tms-module-<slot ID>:config)# ipsec policy
policytest
hostswitch(tms-module-<slot ID>:ipsec)# action apply
hostswitch(tms-module-<slot ID>:ipsec:apply)# traffic-
selector protocol any local 10.1.5.0/24 remote 10.2.15.0/
24
hostswitch(tms-module-<slot ID>:ipsec:apply)# proposal
testprop
hostswitch(tms-module-<slot ID>:ipsec:apply)# key-
exchange-method auto
hostswitch(tms-module-<slot ID>:ipsec:apply:auto)# ikev1
iketest
hostswitch(tms-module-<slot ID>:ipsec:apply:auto)# pfs
enable dh-group group2-1024
hostswitch(tms-module-<slot ID>:ipsec:apply:auto)# sa-
lifetime seconds 28800 kilobytes 1000000
hostswitch(tms-module-<slot ID>:ipsec:apply:auto)# exit
hostswitch(tms-module-<slot ID>:ipsec:apply)# advanced
ip-compression enable
hostswitch(tms-module-<slot ID>:ipsec:apply)# advanced
anti-replay-win-size 64
hostswitch(tms-module-<slot ID>:ipsec:apply)# advanced
extended-seq-num enable
hostswitch(tms-module-<slot ID>:ipsec:apply)# advanced
re-key-seq-number-overf enable
hostswitch(tms-module-<slot ID>:ipsec:apply)# no
advanced persistent-tunnel enable
hostswitch(tms-module-<slot ID>:ipsec:apply)# advanced
fragment-before-ipsec enable