Adit 3000 Series and Multi-Service Router (MSR) Card CLI Reference Manual

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI 14-19
Configuration - IPSec Mode
session-key
Use the IPSec session-key command to specify the parameters needed during manual key exchange (ipsec-manual).
Syntax: (config-ipsec-{n})# session-key {inbound|outbound} ah spi authentication [md5|sha] hex-key-data
Example: (config-ipsec-1)# session-key outbound ah 256 authentication md5 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR
Field         Definition
inbound       Set the inbound (local) IPSec key.
outbound      Set the outbound (remote) IPSec key.
ah spi        Set the Authentication Header Security Parameter Index. Range: 100-FFF.
md5           Set authentication to MD5.
sha           Set authentication to Secure Hash Algorithm.
hex-key-data  MD5 or SHA authentication key in hex. String length must be 40.

set-pfs
Use the IPSec set-pfs command to enable Perfect Forward Secrecy.
Syntax: (config-ipsec-{n})# set-pfs {1|2|5|phase1}
Example: (config-ipsec-1)# set-pfs phase1
Supported Platforms: Adit 3104, Adit 3200, Adit 3500, MSR
Field         Definition
1             Use DH group 1 (768 bit).
2             Use DH group 2 (1024 bit).
5             Use DH group 5 (1536 bit).
phase1        Use the same settings as the Phase 1 group settings.
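
The field constraints documented above for session-key and set-pfs, applied as a configuration check. This is an added example, not part of the manual or the product's software; the function names, the sample lines other than the two manual examples, and reading the SPI as hex are assumptions.

```python
import re

# Constructed sample; lines 1 and 2 are the examples printed in the manual.
SAMPLE = """\
(config-ipsec-1)# session-key outbound ah 256 authentication md5 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
(config-ipsec-1)# set-pfs phase1
session-key inbound ah 2a1 authentication sha 9c41e07b3d5fa8126be4d90357ac18f2e66b0d74
session-key inbound ah 99 authentication sha 1234
set-pfs 1
"""

PROMPT = re.compile(r"^\(config-ipsec-\d+\)#\s*")
SESSION_KEY = re.compile(r"session-key\s+(?:inbound|outbound)\s+ah\s+(\S+)"
                         r"\s+authentication\s+(md5|sha)\s+(\S+)$")
SET_PFS = re.compile(r"set-pfs\s+(\S+)$")

def audit_line(line):
    """Return the findings (possibly none) for one IPSec-mode command."""
    line = PROMPT.sub("", line.strip())
    findings = []
    if m := SESSION_KEY.match(line):
        spi, alg, key = m.groups()
        # Assumption: the SPI is typed in hex, as the 100-FFF range suggests.
        if not (re.fullmatch(r"[0-9a-fA-F]+", spi) and 0x100 <= int(spi, 16) <= 0xFFF):
            findings.append("spi outside 100-FFF")
        if not re.fullmatch(r"[0-9a-fA-F]{40}", key):
            findings.append("key must be 40 hex characters")
        elif len(set(bytes.fromhex(key))) <= 4:
            findings.append("key is a repeated pattern, not random")
        if alg == "md5":
            findings.append("md5 authentication; prefer sha")
    elif m := SET_PFS.match(line):
        if m.group(1) not in ("1", "2", "5", "phase1"):
            findings.append("set-pfs value not in {1|2|5|phase1}")
        elif m.group(1) in ("1", "2"):
            findings.append("DH group below 1536 bit; 5 is the largest offered")
    else:
        findings.append("unrecognised command")
    return findings

def audit(config):
    report = {}  # 1-based line number -> findings, only for lines that have any
    for number, line in enumerate(config.splitlines(), 1):
        if line.strip() and (found := audit_line(line)):
            report[number] = found
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The manual's own session-key example is flagged twice: its key is the byte 0f repeated, and it selects md5. A key for real use should come from a random source and still be 40 hex characters long.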