CLI Guide
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information UDP is not supported. Only TCP 23 telnet and 21 FTP are supported.
Example
Dell(conf-crypto-policy)#match 0 tcp a::1 /128 0 a::2 /128 23
Dell(conf-crypto-policy)#match 1 tcp a::1 /128 23 a::2 /128 0
Dell(conf-crypto-policy)#match 2 tcp a::1 /128 0 a::2 /128 21
Dell(conf-crypto-policy)#match 3 tcp a::1 /128 21 a::2 /128 0
Dell(conf-crypto-policy)#match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32
23
Dell(conf-crypto-policy)#match 5 tcp 1.1.1.1 /32 23
1.1.1.2 /32 0
Dell(conf-crypto-policy)#match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32
21
Dell(conf-crypto-policy)#match 7 tcp 1.1.1.1 /32 21
1.1.1.2 /32 0
session-key
Specify the session keys used in the crypto policy entry.
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp
spi encrypt hex-key-string auth hex-key-string
To delete the session key information from the crypto policy, use the no
session-key {inbound | outbound} {ah | esp} command.
Parameters
name Enter the name of the host to delete. Enter * to delete all
host table entries.
inbound Specify the inbound session key for IPSec.
outbound Specify the outbound session key for IPSec.
ah Use the AH protocol when you select the AH transform set
in the crypto policy.
esp Use the ESP protocol when you select the ESP transform set
in the crypto policy.
spi Enter the security parameter index number.
hex-key-string Enter the session key in hex format (a string of 8, 16, or 20
bytes). For DES algorithms, specify at least 16 bytes per key.
For SHA algorithms, specify at least 20 bytes per key.
encrypt Indicates the ESP encryption transform set key string.
auth Indicates the ESP authentication transform set key string.
742
Internet Protocol Security (IPSec)