AMX NI-2100/3100/4100 User Manual

Appendix A: IPSec Configuration File

117

NI Series WebConsole & Programming Guide

ikeAddPeerAuth (Cont.)

EXAMPLES

Using a pre-shared key for IPv4:

ikeAddPeerAuth=100.100.100.4,100.100.100.1,mm_grp2,NOPFS,PSK,

thisisatest

Using a pre-shared key for IPv6:

ikeAddPeerAuth=3ffe:2::2,3ffe:1::2,mm_grp2,NOPFS,PSK,thisisatest

Using certificates for IPv4:

ikeAddPeerAuth=192.168.1.36,192.168.1.35,ph1_g1_1,NOPFS,RSA,

local_key.key,mypassword,local_cert.crt,PEER_CERT,peer_cert.crt

ikeAddPeerAuth=192.168.1.36,192.168.1.35,ph1_g1_1,NOPFS,RSA,

local_key.key,mypassword,local_cert.crt

ikeAddPeerAuth=192.168.1.36,192.168.1.35,ph1_g1_1,NOPFS,RSA,

local_key.key,NOPASS,local_cert.crt

Config String
Format

peerIpAddress,interfaceIpAddress,proposalName,authenticationMethod,

authenticationInfo

Pre-defined
proposal
names

The following are proposal names already defined inside the AMX Firmware and available for
use in the ikeAddPeerAuth configuration:

mm_g2=mm_3des_sha,mm_3des_md5,mm_des_sha,mm_des_md5

Attributes: DHGROUP=G2, LIFETIME=28800 sec

mm_g1=mm_3des_sha,mm_3des_md5,mm_des_sha,mm_des_md5\n"

Attributes: DHGROUP=G1, LIFETIME=28800 sec

mm_prop=mm_des_md5

Attributes: DHGROUP=G2, LIFETIME=300 sec

mm_prop1= mm_des_md5

Attributes: DHGROUP=G2, LIFETIME=3600 sec

Additional IKE proposals and attributes can be created with the next two API’s.