A.1 Configuration Using SET Options

The following SET options allow you to configure certain parameters from the command line on the host. The SET options are entered at the server console as commands, and the configuration changes made this way are applied to the whole system rather than to an individual interface.

A.1.1 IKE debugmask

Syntax:

IKE debugmask = n

Description:

2 = message header, 4 = message body, 8 = attribute

Range:

0 to 4294967295

Default:

8

A.1.2 IKE Certificate Request Payload

Syntax:

IKE cert request = OFF

Description:

Send certificate request payload: ON = yes, OFF = no

Range:

On | Off

Default:

Off (disabled)

A.1.3 IKE Dump All IKE SAs

Syntax:

IKE DUMPSA = n

Description:

Change the number to dump all IKE SAs.

Range:

0 to 4294967295

Default:

1

A.1.4 IKE exponent_size for DH Group 1

Syntax:

IKE exp_size for group 1 = n

Description:

Set exponent size for DH group 1

Range:

4 to 760

Default:

760

A.1.5 IKE exponent_size for DH Group 2

Syntax:

IKE exponent_size for DH group 2 = n

Description:

set exponent size for DH group 2 between

Range:

4 to 1016

Default:

1016

A.1.6 IKE Pre-shared Key

Syntax:

IKE Pre-shared key = 2

Description:

Sets the pre-shared key to be used. The number given is insignificant; the user simply needs to provide a different number than the one previously given. The username could be <username>.<context>, for example, admin.novell.

Range:

0 to 4294967295

Default:

1

A.1.7 IKE Retransmit Timeout

Syntax:

IKE Retransmit Timeout = n

Description:

Sets the IKE retransmit timeout value. This should be used and increased depending on the speed of the link.

Range:

0 to 4294967295 seconds

Default:

5 seconds

A.1.8 IPsec Encryption Algorithm for Pre-shared Key Authentication Mode in C2S

Syntax:

IPsec encr alg for pss

Description:

IPsec encryption for pre-shared key IKE mode:

IPsec_ESP_Des: 1

IPsec_ESP_DES: 3

IPsec_ESP_NULL: 11

Sets the encryption algorithm to be used in Phase 2 negotiation if the method is pre-shared key authentication.

Range:

1 to 11

Default:

1

A.1.9 IPsec Hash Algorithm For Pre-shared Key Authentication Mode in C2S

Syntax:

IPsec hash alg for pss = 1

Description:

IPsec hash algorithm for pre-shared key IKE mode:

IPsec_HMAC_MD5: 1

IPsec_HMAC_SHA: 2

Sets the hash algorithm to be used in Phase 2 negotiation for the pre-shared key authentication method.

Range:

1 to 4

Default:

1

A.1.10 IPsec Use Policy

Syntax:

IPsec use policy = 1

Description:

0 - Use a uniform policy for all traffic

1 - Use different policies for different traffic

Range:

0 to 1

Default:

1

A.1.11 VPN Over NAT

Syntax:

VPN Over NAT = ON

Description:

Enables or disables VPN over NAT.

Range:

On | Off

Default:

ON

A.1.12 Pre-shared Key

Syntax:

Set IKE Pre-shared Key = n

Description:

Sets the user pre-shared key. Change the number every time you want to change the secret.

Range:

1, 2, 3, 4 ...

Default:

1
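
A range check for the options in A.1.1 to A.1.11, as an added example that is not part of the original documentation. It assumes each setting is written as a "name = value" line in the form shown under Syntax; the function name check_line and the sample lines are constructed for illustration.

```python
import re

U32 = (0, 4294967295)
# Ranges and named values as listed in sections A.1.1 to A.1.11 of this appendix.
RANGES = {
    "ike debugmask": U32, "ike dumpsa": U32,
    "ike pre-shared key": U32, "ike retransmit timeout": U32,
    "ike exp_size for group 1": (4, 760),
    "ike exponent_size for dh group 2": (4, 1016),
    "ipsec encr alg for pss": (1, 11),
    "ipsec hash alg for pss": (1, 4),
    "ipsec use policy": (0, 1),
}
SWITCHES = {"ike cert request", "vpn over nat"}  # On | Off options
NAMED = {
    "ipsec encr alg for pss": {1: "IPsec_ESP_Des", 3: "IPsec_ESP_DES", 11: "IPsec_ESP_NULL"},
    "ipsec hash alg for pss": {1: "IPsec_HMAC_MD5", 2: "IPsec_HMAC_SHA"},
}


def check_line(line):
    """Return a list of findings for one 'name = value' line (empty if clean)."""
    m = re.fullmatch(r"\s*(.+?)\s*=\s*(\S+)\s*", line)
    if not m:
        return ["not in 'name = value' form"]
    name = " ".join(m.group(1).lower().split())  # case- and spacing-insensitive
    raw = m.group(2)
    if name in SWITCHES:
        return [] if raw.lower() in ("on", "off") else [f"{raw!r} is not On or Off"]
    if name not in RANGES:
        return ["option not listed in this appendix"]
    if not raw.isdecimal():
        return [f"{raw!r} is not an unsigned integer"]
    value, (lo, hi) = int(raw), RANGES[name]
    if not lo <= value <= hi:
        return [f"{value} outside documented range {lo} to {hi}"]
    label = NAMED.get(name, {}).get(value)
    if name in NAMED and label is None:
        return [f"{value} is in range but has no algorithm listed"]
    if label == "IPsec_ESP_NULL":
        return ["IPsec_ESP_NULL selected: ESP NULL provides no confidentiality"]
    return []


# Constructed sample lines, not taken from a real server.
SAMPLE = ["IKE exp_size for group 1 = 761", "IPsec encr alg for pss = 11",
          "IPsec hash alg for pss = 2", "VPN Over NAT = ON"]
if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", check_line(line) or "ok")
```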