ipsec manual

msh> ipsec manual {1|2|3|4|default}

• To display the settings 1-4, specify the number [1-4].

• To display the default setting, specify [default].

• Not specifying any value displays all of the settings.

msh> ipsec manual {1|2|3|4|default} disable

• To disable the settings 1-4, specify the setting number [1-4].

• To disable the default settings, specify [default].

msh> ipsec manual {1|2|3|4} {ipv4|ipv6} local address remote address

• Enter the separate setting number [1-4] or [default] and specify the local address and remote address.

• To specify the local or remote address value, specify masklen by entering [/] and an integer 0-32 if you are specifying an IPv4 address. If you are specifying an IPv6 address, specify masklen by entering [/] and an integer 0-128.

• Not specifying an address value displays the current setting.

msh> ipsec manual default {ipv4|ipv6|any}

• Specify the address type for the default setting.

• To specify both IPv4 and IPv6, enter [any].

msh> ipsec manual {1|2|3|4|default} proto {ah|esp|dual}

• Enter the separate setting number [1-4] or [default] and specify the security protocol.

• To specify AH, enter [ah]. To specify ESP, enter [esp]. To specify AH and ESP, enter [dual].

• Not specifying a protocol displays the current setting.

msh> ipsec manual {1|2|3|4|default} spi SPI input value SPI output value

• Enter the separate setting number [1-4] or [default] and specify the SPI input and output values.

• Specify a decimal number between 256-4095, for both the SPI input and output values.

msh> ipsec manual {1|2|3|4|default} mode {transport|tunnel}

• Enter the separate setting number [1-4] or [default] and specify the encapsulation mode.

• To specify transport mode, enter [transport]. To specify tunnel mode, enter [tunnel].

• If you have set the address type in the default setting to [any], you cannot use [tunnel] in encapsulation mode.

• Not specifying an encapsulation mode displays the current setting.

msh> ipsec manual {1|2|3|4|default} tunneladdar beginning IP address ending IP address

• Enter the separate setting number [1-4] or [default] and specify the tunnel end point beginning and ending IP address.

• Not specifying either the beginning or ending address displays the current settings.

msh> ipsec manual {1|2|3|4|default} auth {hmac-md5|hmac-sha1} authentication key

• Enter the separate setting number [1-4] or [default] and specify the authentication algorithm, and then set the authentication key.

• If you are setting a hexadecimal number, attach 0x at the beginning.

• If you are setting an ASCII character string, enter it as is.

• Not specifying either the authentication algorithm or key displays the current setting. (The authentication key is not displayed.)

msh> ipsec manual {1|2|3|4|default} encrypt {null|des|3des|aes128|aes192|aes256} encryption key

• Enter the separate setting number [1-4] or [default], specify the encryption algorithm, and then set the encryption key.

• If you are setting a hexadecimal number, attach 0x at the beginning. If you have set the encryption algorithm to [null], enter an encryption key of arbitrary numbers 2-64 digits long.

• If you are setting an ASCII character string, enter it as is. If you have set the encryption algorithm to [null], enter an encryption key of arbitrary numbers 1-32 digits long.

• Not specifying an encryption algorithm or key displays the current setting. (The encryption key is not displayed.)

msh> ipsec manual {1|2|3|4|default|all} clear

• Enter the separate setting number [1-4] or [default] and reset the specified setting. Specifying [all] resets all of the settings, including default.