22 • VPN configuration
Mode: Configure
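Step 1
Command: node(cfg)#profile ipsec-transform name
Purpose: Creates the IPsec Transformation Profile name

Step 2 (optional)
Command: node(pf-ipstr)[name]#esp-encryption { aes-cbc | des-cbc | 3des-cbc } [key-length]
Purpose: Enables encryption and defines the encryption algorithm and the key length. For supported key lengths, see section "Encryption" on page 264

Step 3 (optional)
Command: node(pf-ipstr)[name]#{ ah-authentication | esp-authentication } { hmac-md5-96 | hmac-sha1-96 }
Purpose: Enables authentication and defines the authentication protocol and the hash algorithm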
Use 'no' in front of the above commands to delete a profile or a configuration entry.
Example: Create an IPsec Transformation Profile
The following example defines a profile for AES-encryption at a key length of 128.
SN(cfg)#profile ipsec-transform AES_128
SN(pf-ipstr)[AES_128]#esp-encryption aes-cbc 128
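The following added example (not part of the SmartWare guide) parses transform-profile commands against the syntax in the steps above and reports profiles a reviewer would want to look at. The audit policy (flagging des-cbc, hmac-md5-96, and encryption configured without authentication) and every profile in the sample other than AES_128 are assumptions of this example.

```python
ENC = {"aes-cbc", "des-cbc", "3des-cbc"}
AUTH_PROTO = {"ah-authentication", "esp-authentication"}
AUTH_HASH = {"hmac-md5-96", "hmac-sha1-96"}
# Audit policy assumed for this example; it is not vendor guidance.
WEAK = {"des-cbc": "56-bit DES key", "hmac-md5-96": "MD5-based authenticator"}
# Constructed sample input; only AES_128 is taken from the guide's example.
SAMPLE = """\
SN(cfg)#profile ipsec-transform AES_128
SN(pf-ipstr)[AES_128]#esp-encryption aes-cbc 128
SN(cfg)#profile ipsec-transform LEGACY
SN(pf-ipstr)[LEGACY]#esp-encryption des-cbc
SN(pf-ipstr)[LEGACY]#esp-authentication hmac-md5-96
SN(cfg)#profile ipsec-transform AES_SHA
SN(pf-ipstr)[AES_SHA]#esp-encryption aes-cbc 128
SN(pf-ipstr)[AES_SHA]#esp-authentication hmac-sha1-96
SN(pf-ipstr)[AES_SHA]#esp-authentication hmac-sha256
"""

def parse_profiles(text):
    """Parse CLI lines into ({profile: settings}, [syntax errors])."""
    profiles, errors, cur = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        cmd = raw.split("#", 1)[-1].split()  # drop the prompt, then tokenize
        if not cmd:
            continue
        if cmd[:2] == ["profile", "ipsec-transform"] and len(cmd) == 3:
            cur = profiles.setdefault(cmd[2], dict.fromkeys(("enc", "keylen", "auth", "hash")))
        elif cur is None:
            errors.append(f"line {n}: command outside a profile")
        elif (cmd[0] == "esp-encryption" and len(cmd) in (2, 3)
              and cmd[1] in ENC and all(t.isdecimal() for t in cmd[2:])):
            cur["enc"], cur["keylen"] = cmd[1], int(cmd[2]) if len(cmd) == 3 else None
        elif cmd[0] in AUTH_PROTO and len(cmd) == 2 and cmd[1] in AUTH_HASH:
            cur["auth"], cur["hash"] = cmd
        else:  # token not in the documented syntax
            errors.append(f"line {n}: invalid syntax: {' '.join(cmd)}")
    return profiles, errors

def audit(profiles):
    """Return (profile, finding) pairs under the example's audit policy."""
    findings = []
    for name, p in sorted(profiles.items()):
        if p["enc"] is None and p["auth"] is None:
            findings.append((name, "neither encryption nor authentication defined"))
        elif p["auth"] is None:
            findings.append((name, "encryption without authentication: ciphertext is not integrity-protected"))
        findings += [(name, f"{a}: {WEAK[a]}") for a in (p["enc"], p["hash"]) if a in WEAK]
    return findings
```

Calling `audit(parse_profiles(SAMPLE)[0])` flags AES_128 for missing authentication and LEGACY for both of its algorithms; the second value returned by `parse_profiles` lists the rejected line.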
Creating an IPsec policy profile
The IPsec Policy Profile supplies the keys for the encryption and/or the authenticators for the authentication,
the Security Parameters Indexes (SPIs), and the IP address of the peer of the secured communication. Furthermore,
the profile defines which IPsec Transformation Profile to apply and whether Transport or Tunnel Mode shall be
effective.
The SPI identifies a secured communication channel. The IPsec component needs the SPI to select the suitable
key or authenticator. Inbound and outbound channels can have the same SPI but the channels in the same
direction, inbound or outbound, must have unique SPIs. The SPI is not encrypted and can be monitored.
Procedure: To create an IPsec Policy Profile