Belden Hirschmann EAGLE40-03 Referenzhandbuch Seite 613

4 8 .1 .4 ipse c c onne c t ion m odify
Modify a IPsec VPN connection (index in connection is mandatory).

Mode: Global Config Mode

Privilege Level: Administrator

Format: users ipsec connection modify <P-1> name <P-2> certificate ca add <P-3> clear
local <P-4> [remote <P-5>][privkey <P-6>] [passphrase <P-7>] debug informational
<P-8> not-handled <P-9> access [method <P-10>] [preshared-key <P-11>] [local-type
<P-12>] [local-id <P-13>] [remote-type <P-14>] [remote-id <P-15>] keyexchange mode
[protocol <P-16>] [startup <P-17>] [dpdtimeout <P-18>] [lifetime <P-19>]
[exchange-mode <P-20>] [margintime <P-21>] [re-authenticate <P-22>]algorithms
[key-agreement <P-23>] [integrity <P-24>][encryption <P-25>] endpoints [local-
address <P-26>][remote-address <P-27>] data-exchange mode [lifetime <P-28>]
algorithms [key-agreement <P-29>] [integrity <P-30>] [encryption <P-31>]
name: IPsec VPN connection name.
certificate: Manage certificates for this connection.
ca: Set the CA certificate file name(s). Also supports comma-separated chains.
add: Add a CA file name to the current connection.
clear: Remove all the CA file names added to the current connection.
local: Set the file name of the certificate that will identify the current device.
[remote]: Set the file name of the certificate that will identify the remote device.
[privkey]: Set the file name of the private key (if it is encrypted and cannot be automatically matched to the
certificate).
[passphrase]: Set the passphrase to be used with an encrypted private
key or PKCS12 encrypted container (warning: will be stored in the config!).
debug: IPsec VPN connection additonal debugging information to event log.
informational: Enable or disable debug of informational messages.
not-handled: Enable or disable debug of not handled messages.
access: IPsec VPN access.
[method]: Authentication method to be used.
[pre-shared-key]: Preshared key (passphrase).
[local-type]: Type of local peer identifier.
[local-id]: Local peer identifier.
[remote-type]: Type of remote peer identifier.
[remote-id]: Remote peer identifier.
key-exchange: Key exchange parameters.
mode: Key exchange mode.
[protocol]: Version of the key exchange protocol.
[startup]: Key exchange at startup.
[dpd-timeout]: Dead peer detection timeout.
[lifetime]: IKE security association lifetime.
[exchange-mode]: IKE exchange mode.
[margintime]: IKE and IPsec margintime for re-keying before timeout.
[re-authenticate]: Re-authenticate at end of IKE lifetime (IKEv2 only).
algorithms: Key exchange algorithms.
[key-agreement]: Key agreement algorithm to be used.
[integrity]: Integrity (MAC) algorithm to be used in IKEv2.
[encryption]: Encryption algorithm to be used.
endpoints: IPsec VPN tunnel endpoints.
[local-address]: Address of local security gateway.
[remote-address]: Address of remote security gateway.
data-exchange: Data exchange parameters.
mode: Data exchange mode.
[lifetime]: Lifetime of IPsec SA.
algorithms: Data exchange algorithms.
[key-agreement]: Key agreement algorithm to be used.
[integrity]: Integrity (MAC) algorithm to be used in IPsec.
[encryption]: Algorithm to be used for IPsec payload encryption.
Parameter Value
1..256
P-1
P-2 string
string
P-3
P-4 string
P-4 string
string
P-5
166
Meaning
VPN connection index.
Enter a user-defined text, max. 128 characters.
Filename.
Filename.
Filename.
Filename.
RM CLI EAGLE40-03
Release 04.1 03/2021