Users Guide
Version Description
9.2(0.2) Introduced on the Z9000, S4810, and S4820T.
9.2(1.0) Introduced on the Z9500.
Usage Information
• IPv4 addresses support only -/32 mask types.
• IPv6 addresses support only -/128 mask types.
• Congure match for bi-directional trac for optimal routing.
• Only TCP is supported.
Example
match 0 tcp a::1 /128 0 a::2 /128 23
match 1 tcp a::1 /128 23 a::2 /128 0
match 2 tcp a::1 /128 0 a::2 /128 21
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0
session-key
Specify the session keys used in the crypto policy entry.
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp spi encrypt
hex-key-string auth hex-key-string
To delete the session key information from the crypto policy, use the no session-key {inbound |
outbound} {ah | esp} command.
Parameters
name Enter the name for the transform set.
inbound Specify the inbound session key for IPSec.
outbound Specify the outbound session key for IPSec.
ah Use the AH protocol when you select the AH transform set in the crypto policy.
esp Use the ESP protocol when you select the ESP transform set in the crypto policy.
spi Enter the security parameter index number.
hex-key-string Enter the session key in hex format (a string of 8, 16, or 20 bytes). For DES
algorithms, specify at least 16 bytes per key. For SHA algorithms, specify at least
20 bytes per key.
encrypt Indicates the ESP encryption transform set key string.
auth Indicates the ESP authentication transform set key string.
Defaults none
Command Modes CONF-CRYPTO-POLICY
712
Internet Protocol Security (IPSec)