Configuration - IPSec Mode

session-key

Use the IPSec session-key command to specify the parameters needed during manual key exchange (ipsec-manual).

Syntax: (config-ipsec-{n})# session-key {inbound|outbound} ah spi authentication [md5|sha] hex-key-data

Field          Definition
inbound        Set the inbound (local) IPSec key.
outbound       Set the outbound (remote) IPSec key.
ah spi         Set the Authentication Header Security Parameter Index. Range: 100-FFF.
md5            Set authentication to MD5.
sha            Set authentication to Secure Hash Algorithm.
hex-key-data   MD5 or SHA authentication key in hex. String length must be 40.

Example: (config-ipsec-1)# session-key outbound ah 256 authentication md5 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR

set-pfs

Use the IPSec set-pfs command to enable Perfect Forward Secrecy.

Syntax: (config-ipsec-{n})# set-pfs {1|2|5|phase1}

Field          Definition
1              Use DH group 1 (768 bit).
2              Use DH group 2 (1024 bit).
5              Use DH group 5 (1536 bit).
phase1         Use the same settings as the Phase 1 group settings.

Example: (config-ipsec-1)# set-pfs phase1

Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR
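
The following is an added example, not part of the Carrier Access manual: a Python audit for saved session-key and set-pfs lines that applies the field limits given above (SPI 100-FFF read as hex, 40-character hex key) and reports repeated-byte keys, MD5 authentication and small DH groups. The function name audit_line, the finding names and the 1536-bit minimum are assumptions of this example.

```python
import re

# Grammar follows the two Syntax lines on this page; finding names are this example's own.
SESSION_KEY = re.compile(
    r"session-key\s+(inbound|outbound)\s+ah\s+(\S+)\s+authentication\s+(md5|sha)\s+(\S+)$")
SET_PFS = re.compile(r"set-pfs\s+(\S+)$")
DH_BITS = {"1": 768, "2": 1024, "5": 1536}   # group sizes as listed on the page
MIN_DH_BITS = 1536                           # assumed local policy, not from the manual

def audit_line(line):
    """Return audit findings for one CLI line; an empty list means nothing to report."""
    cmd = line.split("#", 1)[-1].strip()     # drop a "(config-ipsec-n)#" prompt if present
    findings = []
    m = SESSION_KEY.match(cmd)
    if m:
        _direction, spi, algo, key = m.groups()
        # The page gives the SPI range as 100-FFF; it is read here as hexadecimal.
        spi_ok = re.fullmatch(r"[0-9a-fA-F]+", spi) and 0x100 <= int(spi, 16) <= 0xFFF
        if not spi_ok:
            findings.append("spi-out-of-range")
        if not re.fullmatch(r"[0-9a-fA-F]{40}", key):
            findings.append("key-not-40-hex")
        elif len({key[i:i + 2].lower() for i in range(0, 40, 2)}) <= 2:
            findings.append("key-repeated-bytes")     # e.g. one byte repeated 20 times
        if algo == "md5":
            findings.append("md5-auth")
        return findings
    m = SET_PFS.match(cmd)
    if m:
        group = m.group(1)
        if group == "phase1":
            return findings                  # inherits the Phase 1 group; audit that separately
        if group not in DH_BITS:
            findings.append("unknown-pfs-group")
        elif DH_BITS[group] < MIN_DH_BITS:
            findings.append("weak-dh-group")
    return findings

# Constructed sample lines (the first repeats the manual's own example command).
SAMPLE = [
    "(config-ipsec-1)# session-key outbound ah 256 authentication md5 " + "0f" * 20,
    "(config-ipsec-1)# session-key inbound ah 1000 authentication sha "
    "00112233445566778899aabbccddeeff01234567",
    "(config-ipsec-1)# set-pfs 1",
]
if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_line(entry) or ["ok"], entry)
```
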

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI
