Digital Memories 2005 v3.3.1.34 serial key or number

Table of Contents

Chapter 1 L2TP Configuration Commands. 1-1

1.1 L2TP Configuration Commands. 1-1

1.1.1 allow l2tp. 1-1

1.1.2 debugging l2tp. 1-2

1.1.3 display l2tp session. 1-3

1.1.4 display l2tp Tunnel 1-4

1.1.5 display l2tp user 1-5

1.1.6 interface virtual-template. 1-6

1.1.7 l2tp enable. 1-6

1.1.8 l2tp-auto-client enable. 1-7

1.1.9 l2tp-group. 1-7

1.1.10 l2tpmoreexam enable. 1-8

1.1.11 mandatory-chap. 1-9

1.1.12 mandatory-lcp. 1-10

1.1.13 reset l2tp session. 1-10

1.1.14 reset l2tp Tunnel 1-11

1.1.15 reset l2tp user 1-11

1.1.16 session idle-time. 1-12

1.1.17 start l2tp. 1-13

1.1.18 start l2tp Tunnel 1-14

1.1.19 Tunnel authentication. 1-14

1.1.20 Tunnel avp-hidden. 1-15

1.1.21 Tunnel flow-control 1-16

1.1.22 Tunnel keepstanding. 1-16

1.1.23 Tunnel name. 1-17

1.1.24 Tunnel password. 1-18

1.1.25 Tunnel timer hello. 1-18

Chapter 2 GRE Configuration Commands. 2-1

2.1 GRE Configuration Commands. 2-1

2.1.1 debugging Tunnel 2-1

2.1.2 destination. 2-1

2.1.3 display interface Tunnel 2-2

2.1.4 gre checksum.. 2-4

2.1.5 gre key. 2-5

2.1.6 interface Tunnel 2-5

2.1.7 keepalive. 2-6

2.1.8 source. 2-7

2.1.9 Tunnel-protocol gre. 2-8

Chapter 3 IPSec Configuration Commands. 3-1

3.1 IPSec Configuration Commands. 3-1

3.1.1 ah authentication-algorithm.. 3-1

3.1.2 debugging ike dpd. 3-2

3.1.3 debugging ipsec. 3-2

3.1.4 display ike dpd. 3-3

3.1.5 display ipsec policy. 3-4

3.1.6 display ipsec policy-template. 3-7

3.1.7 display ipsec proposal 3-8

3.1.8 display ipsec sa. 3-9

3.1.9 display ipsec statistics. 3-13

3.1.10 display ipsec Tunnel 3-14

3.1.11 dpd. 3-15

3.1.12 encapsulation-mode. 3-15

3.1.13 esp authentication-algorithm.. 3-17

3.1.14 esp encryption-algorithm.. 3-18

3.1.15 ike dpd. 3-19

3.1.16 interval-time. 3-19

3.1.17 ipsec policy. 3-20

3.1.18 ipsec policy. 3-21

3.1.19 ipsec policy-template. 3-22

3.1.20 ipsec proposal 3-23

3.1.21 ipsec sa global-duration. 3-24

3.1.22 pfs. 3-25

3.1.23 proposal 3-26

3.1.24 reset ipsec sa. 3-27

3.1.25 reset ipsec statistics. 3-29

3.1.26 sa authentication-hex. 3-29

3.1.27 sa duration. 3-31

3.1.28 sa encryption-hex. 3-32

3.1.29 sa spi 3-33

3.1.30 sa string-key. 3-35

3.1.31 security acl 3-36

3.1.32 time-out 3-37

3.1.33 transform.. 3-38

3.1.34 Tunnel local 3-39

3.1.35 Tunnel remote. 3-40

3.2 Encryption Card Configuration Commands. 3-41

3.2.1 debugging encrypt-card host 3-41

3.2.2 display encrypt-card fast-switch. 3-41

3.2.3 display interface encrypt 3-42

3.2.4 encrypt-card backuped. 3-43

3.2.5 encrypt-card fast-switch. 3-44

3.2.6 interface encrypt 3-45

3.2.7 ipsec card-proposal 3-46

3.2.8 reset counters interface encrypt 3-47

3.2.9 reset encrypt-card fast-switch. 3-47

3.2.10 reset encrypt-card sa. 3-48

3.2.11 reset encrypt-card statistics. 3-48

3.2.12 reset encrypt-card syslog. 3-49

3.2.13 snmp-agent trap enable encrypt-card. 3-50

3.2.14 use encrypt-card. 3-51

Chapter 4 IKE Configuration Commands. 4-1

4.1 IKE Configuration Commands. 4-1

4.1.1 authentication-algorithm.. 4-1

4.1.2 authentication-method. 4-1

4.1.3 debugging ike. 4-3

4.1.4 dh. 4-3

4.1.5 display ike peer 4-4

4.1.6 display ike proposal 4-5

4.1.7 display ike sa. 4-5

4.1.8 encryption-algorithm.. 4-7

4.1.9 exchange-mode. 4-8

4.1.10 id-type. 4-9

4.1.11 ike encrypt-card dh-computation disabled. 4-9

4.1.12 ike local-name. 4-10

4.1.13 ike next-payload check disabled. 4-11

4.1.14 ike peer 4-11

4.1.15 ike-peer 4-12

4.1.16 ike proposal 4-12

4.1.17 ike sa keepalive-timer interval 4-14

4.1.18 ike sa keepalive-timer timeout 4-15

4.1.19 ike sa nat-keepalive-timer interval 4-16

4.1.20 local 4-16

4.1.21 local-address. 4-17

4.1.22 nat traversal 4-17

4.1.23 peer 4-18

4.1.24 pre-shared-key. 4-19

4.1.25 remote-address. 4-19

4.1.26 remote-name. 4-20

4.1.27 reset ike sa. 4-21

4.1.28 sa duration. 4-22

Chapter 5 PKI Configuration Commands. 5-1

5.1 PKI Domain Configuration Commands. 5-1

5.1.1 ca identifier 5-1

5.1.2 certificate request entity. 5-1

5.1.3 certificate request from.. 5-2

5.1.4 certificate request mode. 5-3

5.1.5 certificate request polling. 5-4

5.1.6 certificate request url 5-4

5.1.7 crl check disable. 5-5

5.1.8 crl update-period. 5-6

5.1.9 crl url 5-6

5.1.10 ldap-server 5-7

5.1.11 pki domain. 5-7

5.1.12 root-certificate fingerprint 5-8

5.2 PKI Entity Configuration Commands. 5-9

5.2.1 fqdn. 5-9

5.2.2 common-name. 5-10

5.2.3 country. 5-10

5.2.4 ip. 5-11

5.2.5 locality. 5-11

5.2.6 organization. 5-12

5.2.7 organization-unit 5-12

5.2.8 state. 5-13

5.2.9 pki entity. 5-13

5.3 PKI Certificate Operation Commands. 5-14

5.3.1 pki delete-certificate. 5-14

5.3.2 pki import-certificate. 5-15

5.3.3 pki request-certificate. 5-15

5.3.4 pki retrieval-certificate. 5-16

5.3.5 pki retrieval-crl 5-17

5.3.6 pki validate-certificate. 5-17

5.4 PKI Displaying and Debugging Commands. 5-18

5.4.1 debugging pki 5-18

5.4.2 display pki certificate. 5-22

5.4.3 display pki crl 5-24

Chapter 6 DVPN Configuration Commands. 6-1

6.1.1 algorithm-suite. 6-1

6.1.2 authentication-client method. 6-2

6.1.3 authentication-server method. 6-2

6.1.4 data algorithm-suite. 6-3

6.1.5 data ipsec-sa duration. 6-4

6.1.6 debugging dvpn. 6-5

6.1.7 display dvpn ipsec-sa. 6-5

6.1.8 display dvpn map. 6-6

6.1.9 display dvpn session. 6-7

6.1.10 display dvpn info. 6-8

6.1.11 display dvpn online-user 6-9

6.1.12 dvpn class. 6-10

6.1.13 dvpn client register-dumb. 6-10

6.1.14 dvpn client register-interval 6-11

6.1.15 dvpn client register-retry. 6-12

6.1.16 dvpn dvpn-id. 6-12

6.1.17 dvpn interface-type. 6-13

6.1.18 dvpn policy. 6-13

6.1.19 dvpn policy. 6-14

6.1.20 dvpn register-type. 6-15

6.1.21 dvpn security. 6-16

6.1.22 dvpn server 6-16

6.1.23 dvpn server authentication-client method. 6-17

6.1.24 dvpn server map age-time. 6-18

6.1.25 dvpn server pre-shared-key. 6-18

6.1.26 dvpn service enable. 6-19

6.1.27 local-user 6-20

6.1.28 public-ip. 6-20

6.1.29 pre-shared-key. 6-21

6.1.30 private-ip. 6-21

6.1.31 reset dvpn all 6-22

6.1.32 reset dvpn map. 6-22

6.1.33 reset dvpn session. 6-23

6.1.34 reset dvpn statistics. 6-23

6.1.35 session algorithm-suite. 6-24

6.1.36 session idle-time. 6-25

6.1.37 session keepalive-interval 6-26

6.1.38 session setup-interval 6-26

6.1.39 Tunnel-protocol udp dvpn. 6-27

1.1  L2TP Configuration Commands

1.1.1  allow l2tp

Syntax

allow l2tp virtual-templatevirtual-template-numberremoteremote-name[ domaindomain-name ]

undo allow

View

L2TP group view

Parameter

virtual-template-number: Specifies the virtual template interface used when creating new virtual access interface, an integer ranging from 0 to 1023.

remote-name: Specifies the name of the peer end of the tunnel that initiates the connection request, a case sensitive string containing 1 to 30 characters.

domain-name: Specifies the name of enterprise, a string containing 1 to 30 characters.

Description

Use the allow l2tp command to specify the name of the peer end of the tunnel and the used Virtual-Template on receiving a call.

Use the undo allow command to remove the name of the peer end of the tunnel and the used Virtual-Template.

By default, incoming call is restricted.

This command is used on LNS side.

For multi-instance applications of L2TP, the domain-name parameter must be configured.

When L2TP group number1 (the default L2TP group number) is used, the name of the peer end of the tunnel remote-name can be unspecified. When configured in the view of L2TP group 1, the format of the command is as follows:

allow l2tp virtual-templatevirtual-template-number [ remoteremote-name ] [ domaindomain-name ]

If a peer end name is specified in L2TP group 1 configuration, L2TP group 1 will not serve as the default L2TP group. For example, in the environment of Windows 2000 beta 2, the local name of VPN connection is NONE, so the peer end name that the SecBlade receives is NONE. In order to allow the SecBlade to receive tunnel connection requests sent by this kind of unknown peer ends, or for the test purposes, a default L2TP group needs to be configured.

The allow l2tp command is used on LNS side. If a peer end name of the tunnel is configured, it must be the name of the local end configured on LAC side.

Related command: l2tp-group.

Example

# Configure to receive L2TP tunnel connection requests sent by the peer end AS8010 (LAC side), and create a virtual-access interface on virtual-template 1.

[SecBlade_VPN-l2tp2] allow l2tp virtual-template 1 remote AS8010

# Configure L2TP group 1 as the default L2TP group to receive L2TP tunnel connection requests sent by any peer end, and create a virtual-access interface according to virtual-template 1.

[SecBlade_VPN] l2tp-group 1

[SecBlade_VPN-l2tp1] allow l2tp virtual-template 1

1.1.2  debugging l2tp

Syntax

debugging l2tp { all | control | dump | error | event | hidden | payload | time-stamp }

undo debugging l2tp { all | control | dump | error | event | hidden | payload | time-stamp }

View

User view

Parameter

all: Specifies to enable all L2TP related debugging.

control: Specifies to enable control packet debugging.

dump: Specifies to enable PPP packet debugging.

error: Specifies to enable error debugging.

event: Specifies to enable event debugging.

hidden: Specifies to enable hidden AVP debugging.

payload: Specifies to enable L2TP payload debugging.

time-stamp: Specifies to enable time-stamp debugging.

Description

Use the debugging l2tp command to enable L2TP debugging.

Use the undo debugging l2tp command to disable L2TP debugging.

Example

# Enable all L2TP debugging.

<SecBlade_VPN> debugging l2tp all

1.1.3  display l2tp session

Syntax

display l2tp session

View

Any view

Parameter

None

Description

Use the display l2tp session command to view the current L2TP sessions.

Related command: display l2tp Tunnel.

Example

# Display current L2TP sessions.

<SecBlade_VPN> display l2tp session

LocalSID     RemoteSID   LocalTID IdleTimeLeft

 1                   1           2        600

Total session = 1

Table 1-1 Description on the fields of the display l2tp session command