AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
No results found
Search suggestions:
- Use fewer tags and filters.
- Use different search terms.
Filters
AVAYA DOCUMENTATION CENTER
Find answers to your technical questions and learn how to use our products
No results found
Search suggestions:
- Use fewer tags and filters.
- Use different search terms.
Filters
Avaya G450 Branch Gateway CLI Reference
VPN
Last Updated : Nov 06, 2012 |
Root level command |
First level command |
Second level command |
Description |
|---|---|---|---|
clear crypto isakmp |
Flush a specific ISAKMP SA or all the ISAKMP SAs |
||
clear crypto sa |
Clear all or specific IPSec SAs |
||
clear crypto sa counters |
Clear the crypto SA counters |
||
crypto ipsec nat-transparency udp-encapsulation |
Re-enable NAT Traversal if it was disabled |
||
crypto ipsec transform-set |
Enter the IKE phase 2 (IPSec) transform-set context and create or edit IPSec parameters for the VPN tunnel |
||
mode |
Set security-association lifetime |
||
set pfs |
Specify whether each IKE phase 2 negotiation will employ PFS and, if yes, which Diffie-Hellman group to employ |
||
set security-association lifetime |
Set the IKE phase 2 (IPSec) SA lifetime |
||
crypto isakmp invalid-spi-recovery |
Enable invalid SPI recovery (default setting) |
||
crypto isakmp nat keepalive |
Re-enable NAT Traversal keepalive if it was disabled, and configure the keepalive interval. This command keeps the NAT devices tables updated. |
||
crypto isakmp peer |
Enter the crypto ISAKMP peer context and create or edit an ISAKMP peer |
||
continuous-channel |
Enable continuous-channel IKE, which keeps the IKE phase1 session always up and running, even if there is no traffic |
||
description (ISAKMP peer) |
Enter a description for the ISAKMP peer |
||
initiate mode |
Specify which IKE Phase-1 mode to use when communicating with the peer: |
||
isakmp-policy |
Set the ISAKMP policy for the ISAKMP peer |
||
keepalive (VPN) |
Enable DPD keepalives that check whether the remote peer is up |
||
keepalive-track |
Bind an object tracker to a remote VPN peer or to an interface, to check whether the remote peer or the interface is up |
||
pre-shared-key |
Configure the IKE pre-shared key |
||
self-identity |
Set the identity of this device |
||
suggest-key |
Generate a cryptographic-grade random string which you can use as a pre-shared key for IKE. You must use the same key on both peers. |
||
crypto isakmp peer-group |
Enter the crypto ISAKMP peer-group context and create or edit an ISAKMP peer group |
||
description (ISAKMP peer group) |
Enter a description for the ISAKMP peer group |
||
set peer (peer group) |
Add a peer to the peer-group |
||
crypto isakmp policy |
Enter the crypto ISAKMP policy context and create or edit IKE Phase 1 parameters |
||
authentication |
Set the authentication of ISAKMP policy pre-shared secret |
||
description (ISAKMP policy) |
Enter a description for the ISAKMP policy |
||
encryption |
Set the encryption algorithm for an ISAKMP policy |
||
group |
Set the Diffie-Hellman group for an ISAKMP policy |
||
hash |
Set the hash method for an ISAKMP policy |
||
lifetime |
Set the lifetime of the ISAKMP SA in seconds |
||
crypto isakmp suggest-key |
Generate a random string which you can use as a pre-shared key for IKE. You must use the same key on both peers. |
||
crypto map |
Enter crypto map context and create or edit a crypto map |
||
continuous-channel |
In a crypto ISAKMP peer context, enable continuous-channel IKE, which keeps the IKE phase1 session always up and running, even if there is no traffic |
||
description (crypto map) |
Enter a description for the crypto map |
||
set dscp |
Set the DSCP value in the tunneled packet |
||
set peer (crypto map) |
Attach a peer to a crypto map |
||
set peer-group |
Attach a peer-group to a crypto map |
||
set transform-set |
Configure the transform-set |
||
interface {FastEthernet | dialer | serial | VLAN} See IP interface configuration |
Enter the context of the FastEthernet, Dialer, Serial, or VLAN interface |
||
crypto ipsec df-bit |
Set the Don’t-Fragment bit to clear mode or copy mode |
||
crypto ipsec minimal-pmtu |
Set the minimal PMTU value that can be applied to an SA when the Branch Gateway participates in PMTUD for the tunnel pertaining to that SA |
||
ip crypto-group |
Activate a crypto-list in the context of the interface on which the crypto-list is activated |
||
ip crypto-list |
Enter crypto-list context and create or edit a crypto-list |
||
ip-rule (VPN) |
Enter ip-rule context and create or modify a specific rule |
||
description (ip rule) |
Enter a description for the ip-rule in the ip crypto-list |
||
destination-ip |
Specify the destination IP address of packets to which the current rule applies |
||
protect crypto map |
Protect traffic that matches this rule by applying the IPSec processing configured by the specific crypto map |
||
source-ip |
Indicate that the current rule applies to packets from the specified source IP address |
||
local-address |
Set the local IP address for the IPSec tunnels derived from this crypto-list |
||
show crypto ipsec sa |
Display the IPSec SA database and related runtime, statistical, and configuration information |
||
show crypto ipsec transform-set |
Display the configuration for the specified transform-set or all transform-sets |
||
show crypto isakmp peer |
Display crypto ISAKMP peer configuration |
||
show crypto isakmp peer-group |
Display crypto ISAKMP peer-group configuration |
||
show crypto isakmp policy |
Display ISAKMP policy configuration |
||
show crypto isakmp sa |
Display the ISAKMP SA database status |
||
show crypto map |
Display all or specific crypto map configurations |
||
show ip active-lists |
Display information about a specific policy list or all lists |
||
show ip crypto-list |
Display all or specific crypto-list configurations |
Related information