Patton electronic 2800 user manual Nodecfg#profile ipsec-policy-man

Step

Command

Purpose

1

node(cfg)#profile ipsec-policy-man-

Creates the IPsec policy profile name

ual name

2

node(pf-ipstr)[name]#use profile

Selects the IPsec transformation profile to be

ipsec-transform name

applied

3

node(pf-ipstr)[name]#session-key

Sets a key for encryption or an authenticator for

optional

{ inbound outbound }

authentication, either for inbound or outbound

{ ah-aauthentication esp-

direction. The key shall consist of hexadecimal

digits (0..9, A..F); one digit holds 4 Bit of key

authentication esp-encryption } key

information.

The key setting must match definitions in the

respective IPsec transformation profile. In particu-

lar, the length of the key or authenticator must

match the implicit (see section “Authentication”

on page 68 and “Encryption” on page 68) or

explicit specification.

Keys must be available for inbound and out-

bound directions. They can be different for the

two directions. Make sure that the inbound key

of one peer matches the outbound key of the

other peer.

4

node(pf-ipstr)[name]#spi

Sets the SPI for encryption (esp) or authentication

{ inbound outbound } { ah esp } spi

(ah), either for inbound or outbound direction.

The SPI shall be a decimal figure in the range

1..232–1.

SPIs must be available for encryption and/or

authentication as specified in the respective IPsec

transformation profile.

SPIs must be available for inbound and outbound

directions. They can be identical for the two

directions but must be unique in one direction.

Make sure that the inbound SPI of one peer

matches the outbound SPI of the other peer.

5

node(pf-ipstr)[name]#peer ip-address

Sets the IP address of the peer

Note The peers of the secured

communication must have

static IP address. DNS reso-

lution is not available yet.

6

node(pf-ipstr)[name]#mode

Selects tunnel or transport mode

{ tunnel transport }

VPN configuration task list

71