Mkmsetinboundesp – AMX NI-2100/3100/4100 User Manual

Page 143

Advertising
background image

Appendix A: IPSec Configuration File

135

NI Series WebConsole & Programming Guide

mkmSetInboundESP

mkmSetInboundESP

NAME

mkmSetInboundESP – set the transform ID and key for an inbound ESP SA

SYNOPSIS

mkmSetInboundESP=configuration_string

DESCRIPTION This rule sets the transform ID and key for an inbound Encapsulating Security Payload (ESP)

Security Association (SA).

Rule Value:

configuration_string

A string formatted as follows:

saNumber,spi,espTransformID,attributeType,attributeValue

[,attributeType,attributeValue]...

where
- saNumber is a unique unsigned integer specified by the user.
- spi is the decValue for the security parameter index, an unsigned long. spi >255 and
spi < SPI_BOUNDARY, which is defined as 2048.
- espTransformID is:

ESPDES | ESP3DES | ESP_DES | ESP_3DES | ESPAES | ESP_AES | ESPAES-

CTR | ESP_AES-CTR | ESPNULL | ESP_NULL

Note that ESP transform names of the form ESPxxx are deprecated; the preferred names are
of the form ESP_xxx and the deprecated forms will be removed in the future.
Attribute types and values are shown in the following table

Attribute Type

Attribute Value

• DECKEY

Decryption key in hexadecimal format; must be 16 characters for DES, 48
characters for 3DES and 32 characters for AES.

• AUTHALG

MD5 | SHA | HMAC-MD5 | HMAC-SHA | HMAC-SHA2-256 |
HMAC-SHA2-384 | HMAC-SHA2-512 | HMAC-RIPEMD |
AES-XCBC-MAC

• AUTHKEY

Authentication key in hexadecimal format; must be 32 characters for
MD5; 40 characters for SHA; 64 characters for SHA2-256; 96 characters
for SHA2-384; 128 characters for SHA2-512; and 40 characters for RIP-
EMD.

The traffic selectors for the transport or tunnel SA should be added before attempting to set
the transform and keys for the same Security Association (identified by SA Number).
Note that MD5 (deprecated) is equivalent to HMAC-MD5; SHA (deprecated) is equivalent to
HMAC-SHA.

EXAMPLES

mkmSetInboundESP=00,258,ESP_DES,DECKEY,2134657812435687,AUTHALG,

HMAC-MD5,AUTHKEY,123456789ABCDEF0FEDCBA9876543210

Config String
Format

saNumber.spi,espTransformID,attributeType,attributeValue

[,attributeType,attributeValue]…

Advertising
This manual is related to the following products:

NI-700/900, NI-2000/3000/4000

Popular Brands
Popular manuals