Table of Contents
Advertisement
Chapter 4
Configuration via the Command Line Interface
4.5.1 Connection Security Descriptor parameters
Parameters table
Example:
Connection Descriptor
name [name]
128
The following table summarizes the parameters comprised in the connection
security descriptor. The table also indicates the keyword used in the CLI for each
parameter:
Parameter
Connection Descriptor
name
Cryptographic function
Key length
Hash function
Perfect Forward Secrecy
IPSec SA lifetime
IPSec SA volume
lifetime
Encapsulation
A Connection Security Descriptor is a text string, comprising the parameters
described in the table above. An example is shown here:
AES(128)
HMAC-SHA1
Cryptographic function
Hash function
(key length)
This name is used internally to identify the Connection Descriptor.
Keyword
Description
Symbolic name to identify the
name
Descriptor.
Cryptographic function to be used
crypto
for the IPSec Security Association.
Length of the cryptographic key
keylen
for the AES encryption algorithm.
Hashing function used for
integrity
message authentication.
Selects the use of Perfect Forward
pfs
Secrecy.
The lifetime of the IPSec Security
lifetime_secs
Association. At expiration of this
period re-keying occurs.
The maximum data volume
lifetime_kbytes
transported before re-keying
occurs.
Selects the ESP encapsulation
encaps
mode.
Lifetime 86400s
IPsec SA lifetime
TUNNEL MODE
Encapsulation
mode
E-DOC-CTC-20051017-0169 v0.1
Advertisement
Table of Contents
