CLI commands for configuring and monitoring security.

Security Configuration Commands

Use the following commands to configure security parameters:

 security
  control
    protocol (dtls | tls)
    tls-port number
  ipsec
    authentication-type type
    rekey seconds 
    replay-window number
  vpn vpn-id
    interface ipsecnumber
      access-list acl-name
      block-non-source-ip
      clear-dont-fragment
      dead-peer-detection  interval seconds retries number
      description text
    ike
      authentication-type type
        local-id id
        pre-shared-secret password
        remote-id id
     cipher-suite suite
     group number
     mode mode
     rekey seconds 
     version number
   ip address ipv4-prefix/length
 ipsec
  cipher-suite suite
  perfect-forward-secrecy pfs-setting
  rekey seconds
  replay-window number
 mtu bytes
 policer policer-name
 rewrite-rule rule-name
 [no] shutdown
 tcp-mss-adjust bytes
 tunnel-destination (dns-name | ipv4-address)
 (tunnel-source ip-address |  tunnel-source-interface interface-name)

Security Monitoring Commands

• show control connections

• show security-info