Session-Key - Dell C9000 Series Reference Manual

Usage Information
Example
match 0 tcp a::1 /128 0 a::2 /128 23
match 1 tcp a::1 /128 23 a::2 /128 0
match 2 tcp a::1 /128 0 a::2 /128 21
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0

session-key

Specify the session keys used in the crypto policy entry.
C9000 Series
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp spi
encrypt hex-key-string auth hex-key-string
To delete the session key information from the crypto policy, use the no session-
key {inbound | outbound} {ah | esp} command.
Parameters
name
inbound
outbound
ah
esp
spi
hex-key-string
encrypt
auth
• IPv4 addresses support only -/32 mask types.
• IPv6 addresses support only -/128 mask types.
• Configure match for bi-directional traffic for optimal routing.
• Only TCP is supported.
Enter the name for the transform set.
Specify the inbound session key for IPSec.
Specify the outbound session key for IPSec.
Use the AH protocol when you select the AH transform set in
the crypto policy.
Use the ESP protocol when you select the ESP transform set in
the crypto policy.
Enter the security parameter index number.
Enter the session key in hex format (a string of 8, 16, or 20
bytes). For DES algorithms, specify at least 16 bytes per key. For
SHA algorithms, specify at least 20 bytes per key.
Indicates the ESP encryption transform set key string.
Indicates the ESP authentication transform set key string.
Internet Protocol Security (IPSec) 1160