ipsec sa
Usage Guidelines
•
The encryption parameter must be specified with the none option, if ESP is being used to verify integ-
rity only.
•
If null is specified as the option for encryption, an integrity algorithm must be specified using the
authentication parameter. .
•
To override a default key length in an encryption algorithm, the key length must be specified after the
protocol name.The key length supported for various algorithm are as follows:
encryption algorithm
aes-cbc
•
For AH SAs, one of the authentication algorithms such as aes-xcbc-mac, hmac-md5 or hmac-sha1 must
be specified.
Examples
-> ipsec sa esp_in_1 esp source 2001:db8:3::13d destination 2001:db8:1::24 spi
10392 encryption aes-cbc authentication hmac-sha1
-> no ipsec sa esp_in_1
Release History
Release 7.1.1; command introduced.
Related Commands
show ipsec sa
MIB Objects
AlaIPsecSAConfigTable
alaIPsecSAConfigName
alaIPsecSAConfigType
alaIPsecSAConfigSource
alaIPsecSAConfigSourceType
alaIPsecSAConfigDestination
alaIPsecSAConfigDestinationType
alaIPsecSAConfigSPI
alaIPsecSAConfigEncryptionAlgorithm
alaIPsecSAConfigEncryptionKeyLength
alaIPsecSAConfigAuthenticationAlgorithm
alaIPsecSAConfigDescription
alaIPsecSAConfigAdminState
page 12-12
key length (in bits)
128(default), 192, and 256
Displays information about manually configured IPsec Security
Associations.
OmniSwitch CLI Reference Guide
IPsec commands
March 2011