CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CHAPTER 3: Configuration Mode Commands<br />
appliance. The number should be between 256 and<br />
65535.<br />
<br />
Use this argument to pick either MD5 or SHA<br />
encryption algorithms.<br />
<br />
This argument will contain the actual manual key<br />
text, noted in ASCII or hexadecimal notation.<br />
Example<br />
WG(config-ipsec)# action NY_IPSec -<br />
tunnel \<br />
NY_Gateway -auto no pfs_group<br />
MAX_SECURITY \<br />
ESP-3DES<br />
# This command creates an auto-key IPSec action with<br />
peer tunnel. The IP is NY_Gateway, no PFS, the first<br />
proposal is MAX_SECURITY and the second is<br />
ESP_3DES.<br />
WG(config-ipsec)# action<br />
remote_user_ipsec \<br />
-tunnel * -auto pfs_group 1 ESP-3DES-MD5<br />
\<br />
ESP-DES-MD5<br />
# This command creates a tunnel mode, auto-key IPSec<br />
action for remote users. The peer tunnel IP is *<br />
(ANY),PFS uses DH group 1, and there are two<br />
proposals: ESP-3DES-MD5 and ESP-DES-MD5.<br />
WG(config-ipsec)# action SJ_Man -tunnel<br />
\<br />
102.39.45.28 -man -esp 256 982 3des<br />
mankey<br />
# This command results in a tunnel-mode, manual-key<br />
IPSec action with a peer tunnel IP address of<br />
102.39.45.28. It uses ESP-3DES (local SPI is 256, peer<br />
SPI is 982) and the key text is “mankey”.<br />
98 <strong>WatchGuard</strong> Vclass 5.1