Appendix A: IPSec Configuration File
137
NI Series WebConsole & Programming Guide
mkmSetOutboundESP

mkmSetOutboundESP

NAME mkmSetOutboundESP – set the transform ID and key for an outbound ESP SA
SYNOPSIS mkmSetOutboundESP=configuration_string
DESCRIPTION This rule sets the transform ID and key for an outbound Encapsulating Security Payload
(ESP) Security Association (SA).
Rule Value:
configuration_string
A string formatted as follows:
saNumber,spi,espTransformID,attributeType,attributeValue
[,attributeType,attributeValue]...
where
- saNumber is a unique unsigned integer specified by the user.
- spi is the decValue for the security parameter index, an unsigned long. SPI >255 and
SPI < SPI_BOUNDARY, which is defined as 2048.
- espTransformID is:
ESPDES | ESP3DES | ESP_DES | ESP_3DES | ESPAES | ESP_AES |
ESPAES-CTR | ESP_AES-CTR | ESPNULL | ESP_NULL
Note that ESP transform names of the form ESPxxx are deprecated; the preferred names are
of the form ESP_xxx and the deprecated forms will be removed in the future.
Attribute types and values are shown in the following table:
Attribute Type Attribute Value
• ENCKEY Decryption key in hexadecimal format; must be 16 characters for DES, 48
characters for 3DES and 32 characters for AES.
• AUTHALG MD5 | SHA | HMAC-MD5 | HMAC-SHA | HMAC-SHA2-256 |
HMAC-SHA2-384 | HMAC-SHA2-512 | HMAC-RIPEMD |
AES-XCBC-MAC
• AUTHKEY Authentication key in hexadecimal format; must be 32 characters for
MD5; 40 characters for SHA; 64 characters for SHA2-256; 96 characters
for SHA2-384; 128 characters for SHA2-512; and 40
characters for RIPEMD.
• IV Initialization Vector for encryption; must be 16 characters for DES and
3DES and 32 characters for AES.
The traffic selectors for the transport or tunnel SA should be added before attempting to set
the transform and keys for the same Security Association (identified by SA Number).
Note that MD5 (deprecated) is equivalent to HMAC-MD5; SHA (deprecated) is equivalent to
HMAC-SHA.
EXAMPLES mkmSetOutboundESP="00,258,ESP_DES,ENCKEY,2134657812435687,
IV,1001100110011001,AUTHALG,HMAC-MD5,AUTHKEY,
123456789ABCDEF0FEDCBA9876543210
Config String
Format
saNumber.spi,espTransformID,attributeType,attributeValue
[,attributeType,attributeValue]…