Mkmaddtunnel – AMX NI-2100/3100/4100 User Manual

Appendix A: IPSec Configuration File

133

NI Series WebConsole & Programming Guide

mkmAddTunnel

mkmAddTunnel

NAME

mkmAddTunnel – add a tunnel mode Security Association

SYNOPSIS

mkmAddTunnel=cptr_mkm_sa

DESCRIPTION This rule adds a tunnel mode Security Association (SA). After adding an SA and setting the

associated transform ID and keys, mkmCommit must be called to commit the SA to the Secu-
rity Association Database (SADB).

Rule Value:

cptr_mkm_sa

A string formatted as follows:

saNumber,protocolSelector[/destinationPort/sourcePort],

destinationAddressSelector,sourceAddressSelector,directionality,

tunnelEndpointIPAddress,networkInterfaceAddress

where
- saNumber is a decValue, a unique number to be assigned to the SA.
- protocolSelector is the IANA IP protocol number, decValue | ANY. Use 6 for TCP or 17 for
UDP.
- destinationPort and sourcePort are:

decValue | ANY.

- destinationAddressSelector and sourceAddressSelector are:

ipAddress1[-ipAddress2 | /ipMaskPrefix].

- directionality is IN | OUT. If IN then this policy applies to traffic coming into the current host.
If OUT it applies to traffic going out of the current host. A mirrored policy will automatically be
created for the opposite traffic flow.
- tunnelEndpointIPAddress is the identity of the remote gateway, for example "10.9.9.180" for
the IPv4 address.
- networkInterfaceAddress is the IP address of the network interface to which the inbound SA
is bound.

EXAMPLES

IPv4:

mkmAddTunnel=6,17/ANY/ANY,100.100.100.0/24,100.100.200.4,

OUT,100.100.100.4,100.100.99.1")

mkmAddTunnel=7,ANY,10.8.30.30,0.0.0.0/0,IN,100.100.100.4,

100.100.99.1

IPv6:

mkmAddTunnel=6,17/ANY/ANY,3ffe:2::/64,3ffe:3::1,OUT,3ffe:2::2,

3ffe:1::2

mkmAddTunnel=7,ANY,3ffe:3::1,::/0,IN,3ffe:2::2,3ffe:1::2

Config String
Format

saNumber.protocolSelector[/destinationPort/sourcePort],

destinationAddressSelector,sourceAddressSelector,directionality,

tunnelEndpointIPAddress,networkInterfaceAddress