Manualshelf

Specifications

ManualsBrandsAMX ManualsNetworkingNI-3100
151152153154155156157158159160
Appendix A: IPSec Configuration File
142
NetLinx Integrated Controllers- WebConsole & Programming Guide (FMv3)
mkmSetOutboundESP
mkmSetOutboundESP
NAME mkmSetOutboundESP – set the transform ID and key for an outbound ESP SA
SYNOPSIS
mkmSetOutboundESP=configuration_string
DESCRIPTION This rule sets the transform ID and key for an outbound Encapsulating Security Payload
(ESP) Security Association (SA).
Rule Value: Rule Value = configuration_string
A string formatted as follows:
saNumber,spi,espTransformID,attributeType,attributeValue
[,attributeType,attributeValue]...
where
- saNumber is a unique unsigned integer specified by the user.
- spi is the decValue for the security parameter index, an unsigned long. SPI >255 and
SPI < SPI_BOUNDARY, which is defined as 2048.
- espTransformID is:
ESPDES | ESP3DES | ESP_DES | ESP_3DES | ESPAES | ESP_AES | ESPAES-CTR |
ESP_AES-CTR | ESPNULL | ESP_NULL
Note that ESP transform names of the form ESPxxx are deprecated; the preferred names are
of the form ESP_xxx and the deprecated forms will be removed in the future.
Attribute types and values are shown in the following table:
Attribute Type Attribute Value
ENCKEY Decryption key in hexadecimal format; must be 16 characters for DES, 48
characters for 3DES and 32 characters for AES.
AUTHALG MD5 | SHA | HMAC-MD5 | HMAC-SHA | HMAC-SHA2-256 |
HMAC-SHA2-384 | HMAC-SHA2-512 | HMAC-RIPEMD |
AES-XCBC-MAC
AUTHKEY Authentication key in hexadecimal format; must be 32 characters for
MD5; 40 characters for SHA; 64 characters for SHA2-256; 96 characters
for SHA2-384; 128 characters for SHA2-512; and 40
characters for RIPEMD.
IV Initialization Vector for encryption; must be 16 characters for DES and
3DES and 32 characters for AES.
The traffic selectors for the transport or tunnel SA should be added before attempting to set
the transform and keys for the same Security Association (identified by SA Number).
Note that MD5 (deprecated) is equivalent to HMAC-MD5; SHA (deprecated) is equivalent to
HMAC-SHA.
EXAMPLES
mkmSetOutboundESP="00,258,ESP_DES,ENCKEY,2134657812435687,IV,1001100110011001
,AUTHALG,HMAC-MD5,AUTHKEY,123456789ABCDEF0FEDCBA9876543210
Config String
Format
saNumber.spi,espTransformID,attributeType,attributeValue[,attributeType,
attributeValue]…