ManualsContentsPreviousNext |
To display or specify the encryption key manual settings, use the "ipsec manual" command.
Display current settings
msh> ipsec manual {1|2|3|4|default}
To display the settings 1-4, specify the number [1-4].
To display the default setting, specify [default].
Not specifying any value displays all of the settings.
Disable settings
msh> ipsec manual {1|2|3|4|default} disable
To disable the settings 1-4, specify the setting number [1-4].
To disable the default settings, specify [default].
Specify the local/remote address for settings 1-4
msh> ipsec manual {1|2|3|4} {ipv4|ipv6} local address remote address
Enter the separate setting number [1-4] or [default] and specify the local address and remote address.
To specify the local or remote address value, specify masklen by entering [/] and an integer 0-32 if you are specifying an IPv4 address. If you are specifying an IPv6 address, specify masklen by entering [/] and an integer 0-128.
Not specifying an address value displays the current setting.
Specify the address type in default setting
msh> ipsec manual default {ipv4|ipv6|any}
Specify the address type for the default setting.
To specify both IPv4 and IPv6, enter [any].
Security protocol setting
msh> ipsec manual {1|2|3|4|default} proto {ah|esp|dual}
Enter the separate setting number [1-4] or [default] and specify the security protocol.
To specify AH, enter [ah]. To specify ESP, enter [esp]. To specify AH and ESP, enter [dual].
Not specifying a protocol displays the current setting.
SPI value setting
msh> ipsec manual {1|2|3|4|default} spi SPI input value SPI output value
Enter the separate setting number [1-4] or [default] and specify the SPI input and output values.
Specify a decimal number between 256-4095, for both the SPI input and output values.
Encapsulation mode setting
msh> ipsec manual {1|2|3|4|default} mode {transport|tunnel}
Enter the separate setting number [1-4] or [default] and specify the encapsulation mode.
To specify transport mode, enter [transport]. To specify tunnel mode, enter [tunnel].
If you have set the address type in the default setting to [any], you cannot use [tunnel] in encapsulation mode.
Not specifying an encapsulation mode displays the current setting.
Tunnel end point setting
msh> ipsec manual {1|2|3|4|default} tunneladdar beginning IP address ending IP address
Enter the separate setting number [1-4] or [default] and specify the tunnel end point beginning and ending IP address.
Not specifying either the beginning or ending address displays the current settings.
Authentication algorithm and authentication key settings
msh> ipsec manual {1|2|3|4|default} auth {hmac-md5|hmac-sha1} authentication key
Enter the separate setting number [1-4] or [default] and specify the authentication algorithm, and then set the authentication key.
If you are setting a hexadecimal number, attach 0x at the beginning.
If you are setting an ASCII character string, enter it as is.
Not specifying either the authentication algorithm or key displays the current setting. (The authentication key is not displayed.)
Encryption algorithm and encryption key setting
msh> ipsec manual {1|2|3|4|default} encrypt {null|des|3des|aes128|aes192|aes256} encryption key
Enter the separate setting number [1-4] or [default], specify the encryption algorithm, and then set the encryption key.
If you are setting a hexadecimal number, attach 0x at the beginning. If you have set the encryption algorithm to [null], enter an encryption key of arbitrary numbers 2-64 digits long.
If you are setting an ASCII character string, enter it as is. If you have set the encryption algorithm to [null], enter an encryption key of arbitrary numbers 1-32 digits long.
Not specifying an encryption algorithm or key displays the current setting. (The encryption key is not displayed.)
Reset setting values
msh> ipsec manual {1|2|3|4|default|all} clear
Enter the separate setting number [1-4] or [default] and reset the specified setting. Specifying [all] resets all of the settings, including default.