Chapter 4

Configuration via the Command Line Interface

4.5.3 Create a new Connection Security Descriptor

add command

A new Connection Security Descriptor is created with the ipsec connection descriptor add command.

Example

In the following example, a new Connection Security Descriptor named cnctdes1 is created.

[ipsec]=>connection
[ipsec connection]=>descriptor
[ipsec connection descriptor]=>add name = cnctdes1
:ipsec connection descriptor add name=cnctdes1
[ipsec connection descriptor]=>

The result of this operation can be verified with the list command.

[ipsec connection descriptor]=>list
[AES_SHA1_TUN] : AES(128) HMAC-SHA1 Lifetime 86400s Tunnel Mode
[AES_MD5_TUN] : AES(128) HMAC-MD5 Lifetime 86400s Tunnel Mode
[AES_SHA1_PFS_TUN] : AES(128) HMAC-SHA1 PFS Lifetime 86400s Tunnel Mode
[AES_MD5_PFS_TUN] : AES(128) HMAC-MD5 PFS Lifetime 86400s Tunnel Mode
[3DES_SHA1_TUN] : 3DES HMAC-SHA1 Lifetime 86400s Tunnel Mode
[3DES_MD5_TUN] : 3DES HMAC-MD5 Lifetime 86400s Tunnel Mode
[3DES_SHA1_PFS_TUN] : 3DES HMAC-SHA1 PFS Lifetime 86400s Tunnel Mode
[3DES_MD5_PFS_TUN] : 3DES HMAC-MD5 PFS Lifetime 86400s Tunnel Mode
[DES_SHA1_TUN] : DES HMAC-SHA1 Lifetime 86400s Tunnel Mode
[DES_MD5_TUN] : DES HMAC-MD5 Lifetime 86400s Tunnel Mode
[AES_SHA1_Adv_TUN] : AES(256) HMAC-SHA1 PFS Lifetime 86400s Tunnel Mode
[3DES_SHA1_Adv_TUN] : 3DES HMAC-SHA1 PFS Lifetime 86400s Tunnel Mode
[NullEnc_SHA1_TUN] : NULL HMAC-SHA1 Lifetime 86400s Tunnel Mode
[cnctdes1] : Tunnel Mode
[ipsec connection descriptor]=>

The output shows that the new descriptor, named “cnctdes1”, has been created.

Thirteen Connection Security Descriptors are pre-defined in the SpeedTouch™, covering the most common settings. In total, up to 40 Security Descriptors can be defined. This total includes both the Peer Security Descriptors and the Connection Security Descriptors.
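The following Python code is an added example, not part of the original manual or of the SpeedTouch™ software. It parses the list output shown above into structured records and flags descriptors that need attention, such as the freshly added cnctdes1, which shows only its mode. The function names, the constructed sample text and the audit policy (flagging unset algorithms, DES, NULL encryption and HMAC-MD5) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the `list` output shown above, prompts included.
SAMPLE = """\
[ipsec connection descriptor]=>list
[AES_SHA1_PFS_TUN] : AES(128) HMAC-SHA1 PFS Lifetime 86400s Tunnel Mode
[3DES_MD5_TUN] : 3DES HMAC-MD5 Lifetime 86400s Tunnel Mode
[DES_SHA1_TUN] : DES HMAC-SHA1 Lifetime 86400s Tunnel Mode
[NullEnc_SHA1_TUN] : NULL HMAC-SHA1 Lifetime 86400s Tunnel Mode
[cnctdes1] : Tunnel Mode
[ipsec connection descriptor]=>
"""

# "[name] : fields"; prompt lines have "=>" after the bracket and do not match.
ENTRY = re.compile(r"^\[(?P<name>[^\]]+)\]\s+:\s+(?P<fields>.+)$")
ENC_PREFIXES = ("AES", "3DES", "DES", "NULL")

def parse_descriptors(text):
    """Turn `list` output into one dict per descriptor."""
    result = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        tok = m["fields"].split()
        result.append({
            "name": m["name"],
            "enc": next((t for t in tok if t.startswith(ENC_PREFIXES)), None),
            "integ": next((t for t in tok if t.startswith("HMAC-")), None),
            "pfs": "PFS" in tok,
            "lifetime_s": next((int(t[:-1]) for t in tok if re.fullmatch(r"\d+s", t)), None),
        })
    return result

def audit(descriptors):
    """Assumed policy for this example: flag unset algorithms, DES, NULL and HMAC-MD5."""
    findings = {}
    for d in descriptors:
        issues = []
        if d["enc"] is None or d["integ"] is None:
            issues.append("encryption or integrity algorithm not set")
        if d["enc"] in ("DES", "NULL"):
            issues.append("weak or no encryption: " + d["enc"])
        if d["integ"] == "HMAC-MD5":
            issues.append("deprecated integrity algorithm: HMAC-MD5")
        if issues:
            findings[d["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(parse_descriptors(SAMPLE)).items():
        print(name + ": " + "; ".join(issues))
```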


E-DOC-CTC-20051017-0169 v0.1
