CHAPTER 3: Configuration Mode Commands
WatchGuard Vclass 5.1
Effect
Records a new IPSec action (manual key or
automatic key), including one or more proposals
which have been created beforehand.
Arguments
<"name">
Type a unique name for this action.
<-tunnel_mode|-transport_mode>
This argument determines whether this action is
tunnel mode or transport mode.
<*|peer IP address|address group>
If you enter tunnel mode, you must then qualify it
with one of the following: (1) enter "*" to indicate
ANY source, (2) enter a specific peer appliance’s IP
address, or (3) enter the name of an address group
containing the peer IP address.
-auto_key
Enter this argument if this action utilizes an
automatic key. Do not use the “-manual_key”
argument if using an automatic key.
The following two arguments further qualify this
automatic key exchange.
[no] pfs_group <1|2>
If this action uses an automatic key, use this
argument to specify which perfect forward secrecy
option (Diffie-Hellman Group 1 or 2) will be used.
If none is used, you can preface this argument with
“no”.
<"proposal_name"> [<"proposal_name">…]
If this action uses an automatic key, use this
argument to enter the IKE proposal names
(one or more).
-manual_key
Enter this argument if this action employs a
manual key. (If doing so, do not use the “-auto_key”
argument.) The following ten arguments (grouped