Appendix A: IPSec Configuration File
136 NI Series WebConsole & Programming Guide
mkmSetOutboundAH

mkmSetOutboundAH

NAME mkmSetOutboundAH – set the transform ID and key for an outbound AH SA
SYNOPSIS mkmSetOutboundAH=cptr_value_string
DESCRIPTION This rule sets the transform ID and key for an outbound AH SA.
Rule Value:
cptr_value_string
A string formatted as follows:
saNumber,spi,ahTransformID,key
where
- saNumber is a unique unsigned integer specified by the user.
- spi is the decValue for the security parameter index, an unsigned long. SPI >255 and
SPI < SPI_BOUNDARY, which is defined as 2048.
- ahTransformID is:
MD5 | SHA | HMAC-MD5 | HMAC-SHA | HMAC-SHA2-256 | HMAC-SHA2-384 |
HMAC-SHA2-512 | HMAC-RIPEMD | AES-XCBC-MAC
Note that MD5 (deprecated) is equivalent to HMAC-MD5; SHA (deprecated) is equivalent to
HMAC-SHA.
- key is the authentication algorithm key in hexadecimal. It must be 32 characters for MD5; 40
characters for SHA; 64 characters for SHA2-256; 96 characters for SHA2-384; 128 charac-
ters for SHA2-512; and 40 characters for RIPEMD.
The traffic selectors for the transport or tunnel SA should be added before attempting to set
the transform and keys for the same Security Association (identified by SA Number).
EXAMPLES mkmSetOutboundAH=0,258,HMAC-MD5,123456789ABCDEF0FEDCBA987654321
Config String
Format saNumber.spi,ahTransformID,key