Spdsetsa – AMX NI-2100/3100/4100 User Manual
Page 137
Appendix A: IPSec Configuration File
129
NI Series WebConsole & Programming Guide
spdSetSA
SpdSetPropAttrib (Cont.)
EXAMPLES
spdSetPropAttrib=ah_default,DHGROUP,G2
spdSetPropAttrib=ah_default,ENCAP,TUNNEL,HARDLIFESIZE,4608000
spdSetPropAttrib=proposal_foo,DHGROUP,G1,ENCAP,TRANSPORT,
HARDLIFETIME,140,SOFTLIFETIME,120
Config String
Format
proposalName,attributeType,attributeValue[,attributeType,attributeV
alue…]
spdSetSA
NAME
spdSetSA – create an SA proposal in the SPD– create an SA proposal in the SPD
SYNOPSIS
spdSetSA=pConfStr
DESCRIPTION This rule creates an SA proposal in the SPD. An SA proposal is a list of proposals. IKE sends
the list to the peer during negotiation.
Rule Value:
pConfStr
A stringValue specifier formatted as follows:
saName,proposalName,proposalNumber[,proposalName,proposalNumber...]
where
- saName is unique Phase 2 SA name.
- proposalName is the name of an existing proposal with its attributes already set. You can
specify up to four proposal names.
- proposalNumber is the proposal number, which determines the ordering and combination of
proposals in the SA proposal.
When combining ESP and AH transforms, you may configure an ESP tunnel policy with an
AH tunnel policy, or an ESP transport policy with an AH transport policy, by using the same
proposal number for both policies.
EXAMPLES
spdSetSA=qm_sa_default,esp_tunnel,1,ah_tunnel,1,esp_tunnel_A,2,
esP_tunnel_B,3
spdSetSA=qm_sa_default,esp_transport,1,ah_transport,1
spdSetSA=qm_sa_default,esp_tunnel,1,ah_tunnel,2
Config String
Format
saName, proposalName,proposalNumber[,proposalName,proposalNumber…]
Pre-defined
Security
Association
(SA) proposal
names
The following are Phase II SA proposal names already defined inside the AMX Firmware and
available for use.
qm_sa_g1_transport=esp_g1_transport,1,ah_g1_transport,2
qm_sa_g2_transport=esp_g2_transport,1,ah_g2_transport,2
qm_sa_g1_tunnel=esp_g1_tunnel,1,ah_g1_tunnel,2
qm_sa_g2_tunnel=esp_g2_tunnel,1,ah_g2_tunnel,2