Chapter 4
Configuration via the Command Line Interface
4.5.1 Connection Security Descriptor parameters
Parameters table: The following table summarizes the parameters that make up the connection security descriptor. The table also indicates the keyword used in the CLI for each parameter:
| Parameter | Keyword | Description |
|---|---|---|
| Connection Descriptor name | name | Symbolic name to identify the Descriptor. |
| Cryptographic function | crypto | Cryptographic function to be used for the IPSec Security Association. |
| Key length | keylen | Length of the cryptographic key for the AES encryption algorithm. |
| Hash function | integrity | Hashing function used for message authentication. |
| Perfect Forward Secrecy | pfs | Selects the use of Perfect Forward Secrecy. |
| IPSec SA lifetime | lifetime_secs | The lifetime of the IPSec Security Association. At expiration of this period |
| IPSec SA volume lifetime | lifetime_kbytes | The maximum data volume transported before occurs. |
| Encapsulation | encaps | Selects the ESP encapsulation mode. |
Example: A Connection Security Descriptor is a text string, comprising the parameters described in the table above. An example is shown here:
[Figure: example Connection Security Descriptor string with its fields labelled. AES(128): Cryptographic function (key length); Hash function; Lifetime 86400s: IPsec SA lifetime; TUNNEL MODE: Encapsulation mode.]
Connection Descriptor name [name]: This name is used internally to identify the Connection Descriptor.