Mkmsetinboundesp - AMX NI-2000 Programming Manual

Ni series netlinx integrated controllers webconsole & programming guide

Hide thumbs Also See for NI-2000:

Dimension manual (1 page)

Instruction manual (134 pages)

Installer's manual (42 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

page of 162

/ 162
Contents
Table of Contents
Bookmarks

Table of Contents

mkmSetInboundESP

NAME

SYNOPSIS

DESCRIPTION This rule sets the transform ID and key for an inbound Encapsulating Security Payload (ESP)

EXAMPLES

Config String

Format

NI Series WebConsole & Programming Guide

mkmSetInboundESP – set the transform ID and key for an inbound ESP SA

mkmSetInboundESP=configuration_string

Security Association (SA).

Rule Value:

configuration_string

A string formatted as follows:

saNumber,spi,espTransformID,attributeType,attributeValue

[,attributeType,attributeValue]...

where

- saNumber is a unique unsigned integer specified by the user.

- spi is the decValue for the security parameter index, an unsigned long. spi >255 and

spi < SPI_BOUNDARY, which is defined as 2048.

- espTransformID is:

CTR | ESP_AES-CTR | ESPNULL | ESP_NULL

Note that ESP transform names of the form ESPxxx are deprecated; the preferred names are

of the form ESP_xxx and the deprecated forms will be removed in the future.

Attribute types and values are shown in the following table

Attribute Type

Attribute Value

• DECKEY

Decryption key in hexadecimal format; must be 16 characters for DES, 48

characters for 3DES and 32 characters for AES.

• AUTHALG

HMAC-SHA2-384 | HMAC-SHA2-512 | HMAC-RIPEMD |

AES-XCBC-MAC

• AUTHKEY

Authentication key in hexadecimal format; must be 32 characters for

MD5; 40 characters for SHA; 64 characters for SHA2-256; 96 characters

for SHA2-384; 128 characters for SHA2-512; and 40 characters for RIP-

EMD.

The traffic selectors for the transport or tunnel SA should be added before attempting to set

the transform and keys for the same Security Association (identified by SA Number).

Note that MD5 (deprecated) is equivalent to HMAC-MD5; SHA (deprecated) is equivalent to

HMAC-SHA.

mkmSetInboundESP=00,258,ESP_DES,DECKEY,2134657812435687,AUTHALG,

HMAC-MD5,AUTHKEY,123456789ABCDEF0FEDCBA9876543210

saNumber.spi,espTransformID,attributeType,attributeValue

[,attributeType,attributeValue]...

Appendix A: IPSec Configuration File

143

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Ni-2100 Ni-4000 Ni-4100 Ni-3000 Ni-700 Ni-3100 ... Show all

Mkmsetinboundesp - AMX NI-2000 Programming Manual

mkmSetInboundESP

Hide quick links:

Related Manuals for AMX NI-2000

Related Products for AMX NI-2000

This manual is also suitable for:

Table of Contents