set vpn
Description
Configures existing remote VPN sites.
Syntax
Parameters
| Parameter | Description |
|---|---|
| aggressive-mode-DH-group | Determines the strength of the key when aggressive mode is enabled. |
| aggressive-mode-enable-gateway-id | Indicates if gateway ID matching will be used. This adds a layer of security to aggressive mode. Type: Boolean (true/false) |
| aggressive-mode-enable-peer-id | Indicates if peer ID matching will be used. This adds a layer of security to aggressive mode. Type: Boolean (true/false) |
| aggressive-mode-enabled | Indicates if aggressive mode, a less secure negotiation protocol than main mode, is used. Its use is discouraged if the remote site supports IPSec main mode. Type: Boolean (true/false) |
| aggressive-mode-gateway-id | The gateway ID that will be used for matching when gateway ID matching is enabled. Type: vpnAggressiveModePeerId |
| aggressive-mode-gateway-id-type | Indicates the type of gateway ID that will be used for matching when gateway ID matching is enabled. Options: domain-name, user-name |
| aggressive-mode-peer-id | The peer ID that will be used for matching when peer ID matching is enabled. Type: vpnAggressiveModePeerId |
| aggressive-mode-peer-id-type | Indicates the type of peer ID that will be used for matching when peer ID matching is enabled. Options: domain-name, user-name |
| auth-method | Indicates the type of authentication used when connecting to the remote site. Type: press TAB to see the available options |
| disable-nat | Disables NAT for traffic to/from the remote site. Useful when one of the internal networks contains a server. Type: Boolean (true/false) |
| enable-perfect-forward-secrecy | Ensures that a session key will not be compromised if one of the (long-term) private keys is compromised in the future. Type: Boolean (true/false) |
| enable-permanent-vpn-tunnel | VPN tunnels are kept constantly active, which makes it easier to recognize malfunctions and connectivity problems. Type: Boolean (true/false) |
| enabled | Indicates whether or not the remote site is enabled. Type: Boolean (true/false) |
| enc-method | Indicates which encryption method is used. Options: ike-v1, ike-v2, prefer-ike-v2 |
| enc-profile | Encryption profile (one of the predefined profiles, or custom). Type: virtual |
| is-check-point-site | Enable if the remote site is connected through a Check Point Security Gateway. Type: Boolean (true/false) |
| is-site-behind-static-nat | When the connection type is IP address, indicates whether the site is behind static NAT. |
| link-selection-primary-addr | Specifies the primary IP address for link selection. Type: a string of alphanumeric characters without spaces |
| link-selection-probing-method | The type of probing used for link selection when multiple IP addresses are configured for the remote site. Options: ongoing, one-time |
| match-cert-dn | Indicates if certificate matching should match the DN string in the certificate to the configured DN string. Type: Boolean (true/false) |
| match-cert-dn-string | The configured DN string for certificate matching. Type: String |
| match-cert-e-mail | Indicates if certificate matching should match the E-mail string in the certificate to the configured E-mail string. Type: Boolean (true/false) |
| match-cert-e-mail-string | The configured E-mail string for certificate matching. Type: Email address |
| match-cert-ip | Indicates if certificate matching should match the IP address in the certificate to the site's IP address. Type: Boolean (true/false) |
| name | Site name. Type: a string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces |
| password | Preshared secret (minimum 6 characters), used when the authentication method is configured as such. Type: vpnPassword |
| phase1-reneg-interval | The period, in minutes, between each IKE SA renegotiation. Type: integer (a number with no fractional part) |
| phase2-dh | Determines the strength of the key used for the IPsec (Phase 2) key exchange. The higher the group number, the stronger and more secure the key. |
| phase2-reneg-interval | The period, in seconds, between each IPSec SA renegotiation. Type: integer (a number with no fractional part) |
| remote-site-enc-dom-type | The method of defining the remote site's encryption domain. Options: manually-defined-enc-dom, route-all-traffic-to-site, route-based-vpn, enc-dom-hidden-behind-remote-site |
| remote-site-host-name | The remote site's host name, used when the link selection method is configured as such. |
| remote-site-ip-address | The remote site's single IP address, used when the link selection method is configured as such. |
| remote-site-link-selection | Indicates the method of determining the destination IP address(es) of the remote site. Options: ip-address, host-name, high-availability, load-sharing, connection-initiated-only-from-remote-site |
| site | Site name. Type: a string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces |
| static-nat-ip | The externally routable IP address (via static NAT) used by the remote site, when configured as such. |
| use-trusted-ca | Indicates whether a specific trusted CA, or all configured trusted CAs, is used for matching the remote site's certificate. |
Example