Internet key exchange (ike), Ikeaddpeerauth – AMX NI-2100/3100/4100 User Manual

Page 124

Advertising
background image

Appendix A: IPSec Configuration File

116

NI Series WebConsole & Programming Guide

Internet Key Exchange (IKE)

ikeAddPeerAuth

ikeAddPeerAuth

NAME

ikeAddPeerAuth – add a peer's authentication information

SYNOPSIS

ikeAddPeerAuth=configString

DESCRIPTION This rule is used to specify IKE authentication information between the host and a peer. This

rule may be called multiple times to define a set of peers with which the host will conduct IKE
negotiations.

NOTE

Specifying KEYPFS to this function will not enable perfect forward secrecy when negotiating
with the peer unless a DHGROUP is also specified in the Phase 2 attributes, set via
spdSetPropAttrib.

Rule Value:

configString

A string formatted as follows:

peerIpAddress,interfaceIpAddress,proposalName,PFS,

authenticationMethod,authenticationInfo

where
- peerIpAddress is the address of the IKE peer.
- interfaceIpAddress is the local IP address that is to communicate with the peer.
- proposalName is an existing Phase 1 proposal name, defined via ikeSetProp.
- authenticationMethod is PSK (pre-shared key) or RSA (certificate support).
- authenticationInfo depends on authenticationMethod. See below.
When authenticationMethod is PSK, authenticationInfo is the pre-shared key, represented as
printable ASCII.
When authenticationMethod is RSA, authenticationInfo is a string formatted as follows:

localKey,localKeyPassword,localCertificate[,PEER_CERT,peerCertifica

te]

localKey - The filename where the local peer's key is stored.
localKeyPassword - The password for the local peer's key. Specify NOPASS if there is no

password. Note that the maximum password length is
MAX_PRIVATE_KEY_PASSWORD_LENGTH.

localCertificate - The filename where the local peer's certificate is stored.
peerCertificate - The filename where the remote peer's certificate is locally stored. If

PEER_CERT is specified, any certificate payload(s) received from the remote IKE peer
during IKE phase 1 negotiation will be ignored and the certificate specified in
peerCertificate will be used to authenticate the remote peer.

All keys and certificates are stored on the local file system, in the directory set by the project
facility parameter IKE_CERT_PATH.

Advertising
This manual is related to the following products:

NI-700/900, NI-2000/3000/4000

Popular Brands
Popular manuals