ipsec
config
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
Commands in this context configure Internet Protocol security (IPsec) parameters. IPsec is a structure of open standards that uses cryptographic security services to ensure private, secure communications over IP networks.
static-sa sa-name [create]
no static-sa
config>ipsec
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures an IPsec static security association (SA).
The no form of this command removes the configuration.
Specifies the SA name, up to 32 characters.
Mandatory keyword to create an SA instance.
authentication auth-algorithm ascii-key ascii-string
authentication auth-algorithm hex-key hex-string [hash | hash2]
no authentication
config>ipsec>static-sa
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures the authentication algorithm to use for an IPsec manual SA.
The no form of this command removes the configuration.
no authentication
Specifies the authentication algorithm.
Specifies the ASCII key, up to 16 characters for md5 and 20 characters for sha1.
The authentication key is stored an encrypted format. The minimum key length is configured using the config>system>security>password>minimum-length command.
The complexity of the key is configured using the commands in the config>system>security>password>complexity-rules context.
Specifies the hexadecimal key, up to 32 hexadecimal nibbles for md5 and up to 40 hexadecimal nibbles for sha1.
Keyword that stores all specified keys in encrypted format in the configuration file. The password must be entered in encrypted form when this keyword is configured. If this keyword is not configured, the key is assumed to be in a non-encrypted form.
Keyword to store the key in a more complex encrypted form. If this keyword is not used, the less encrypted hash form is assumed.
description description-string
no description
config>ipsec>static-sa
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command creates a text description, which is stored in the configuration file, to help identify the content of the entity.
The no form of this command removes the string from the configuration.
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. It the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed in double quotes.
direction ipsec-direction
no direction
config>ipsec>static-sa
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures the direction for an IPsec manual SA.
The no form of this command reverts to the default value.
direction bidirectional
Specifies the direction.
protocol ipsec-protocol
no protocol
config>ipsec>static-sa
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures the security protocol to use for an IPsec manual SA.
The no form of this command reverts to the default value.
protocol esp
Specifies the security protocol.
spi spi
no spi
config>ipsec>static-sa
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures the security parameter index (SPI) key value for an IPsec manual SA.
The no form of this command removes the configured SPI key value.
Specifies the SPI value.