Mkmsetinboundah – AMX NI-2100/3100/4100 User Manual

Appendix A: IPSec Configuration File

134

NI Series WebConsole & Programming Guide

mkmSetInboundAH

mkmSetInboundAH

NAME

mkmSetInboundAH – set the transform ID and key for an inbound AH SA

SYNOPSIS

mkmSetInboundAH=cptr_value_string

DESCRIPTION This rule sets the transform ID and key for an inbound AH SA.

Rule Value:

cptr_value_string

A string formatted as follows:

saNumber,spi,ahTransformID,key

where
- saNumber is a unique unsigned integer specified by the user.
- spi is the decValue for the security parameter index, an unsigned long. SPI >255 and
SPI < SPI_BOUNDARY, which is defined as 2048.
- ahTransformID is:

MD5 | SHA | HMAC-MD5 | HMAC-SHA | HMAC-SHA2-256 | HMAC-SHA2-384 |

HMAC-SHA2-512 | HMAC-RIPEMD | AES-XCBC-MAC

Note that MD5 (deprecated) is equivalent to HMAC-MD5; SHA (deprecated) is equivalent to
HMAC-SHA.

- key is the authentication algorithm key in hexadecimal. It must be 32 characters for MD5; 40
characters for SHA; 64 characters for SHA2-256; 96 characters for SHA2-384; 128 charac-
ters for SHA2-512; and 40 characters for RIPEMD.
The traffic selectors for the transport or tunnel SA should be added before attempting to set
the transform and keys for the same Security Association (identified by SA Number).

EXAMPLES

mkmSetInboundAH=0,258,HMAC-MD5,123456789ABCDEF0FEDCBA987654321

Config String
Format

saNumber.spi,ahTransformID,key