ike-sainfo
The ike-sainfo configuration element enables negotiation and establishment of IPsec tunnels. To configure this element, install your platform-specific IPsec license.
Parameters
- name
- Enter the unique name of this instance of the ike-sainfo configuration element.
- Default: None
- Values: A valid configuration element name that is unique within the ike-sainfo namespace
- security-protocol
- Enter the IPsec security (authentication and encryption) protocols supported by this SA.
- Default: esp-auth
- Values:
- ah—RFC 4302 authentication services
- esp—RFC 4303 encryption services
- esp-auth—RFC 4303 encryption and authentication services
- esp-null—RFC 4303 encapsulation, lacks encryption.
Note:
For development environments only.
Note:
On virtual platforms, only the default setting is supported.
- auth-algo
- Set the authentication algorithms supported by this SA.
- Default: sha2-512
- Values: any | md5 | sha1 | xcbc | sha2-256 | sha2-384 | sha2-512
Note:
On virtual platforms, only the default setting is supported.
- encryption-algo
- Set the allowed encryption algorithms.
- Default: aes
- Values: any | 3des | aes | aes-ctr | null
Note:
On virtual platforms, only the default setting is supported.
- ipsec-mode
- Select the IPsec operational mode. Transport mode provides a secure end-to-end connection between two IP hosts. Tunnel mode provides VPN service where entire IP packets are encapsulated within an outer IP envelope and delivered from source (an IP host) to destination (generally a secure gateway) across an untrusted internet.
- Default: transport
- Values: transport | tunnel
- tunnel-local-addr
- Enter the IP address of the local IP interface that terminates the IPsec tunnel (relevant only if the ipsec-mode is tunnel, and otherwise is ignored).
- Default: None
- Values: Any valid local IP address
- tunnel-remote-addr
- Enter the IP address of the remote peer or host (relevant only if the ipsec-mode is tunnel, and is otherwise ignored).
- Default: * (matches all IP addresses)
- Values: Any valid IP address
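The following is an added example, not part of the product documentation: a small Python check that reads one ike-sainfo instance, fills in the defaults listed above, and reports values a reviewer should question (esp-null, esp without authentication, md5, sha1, 3des, null, any) as well as tunnel addresses that are ignored because ipsec-mode is not tunnel. The whitespace-separated "parameter value" layout of the sample text and the function names are assumptions, and the interpretation of any as accepting every listed algorithm is also an assumption.

```python
# Added example: audit ike-sainfo parameter values against the reference above.
# The "parameter  value" layout of SAMPLE is an assumption, not captured output.
DEFAULTS = {
    "security-protocol": "esp-auth", "auth-algo": "sha2-512",
    "encryption-algo": "aes", "ipsec-mode": "transport",
    "tunnel-local-addr": "", "tunnel-remote-addr": "*",
}
# Values the page lists that a reviewer should question, with the reason.
FLAGGED = {
    ("security-protocol", "esp-null"): "no encryption; development environments only",
    ("security-protocol", "esp"): "encryption without authentication",
    ("auth-algo", "md5"): "MD5 is a deprecated hash",
    ("auth-algo", "sha1"): "SHA-1 is a deprecated hash",
    ("auth-algo", "any"): "assumed to accept every listed value, including md5 and sha1",
    ("encryption-algo", "3des"): "3DES is a deprecated 64-bit block cipher",
    ("encryption-algo", "null"): "no encryption",
    ("encryption-algo", "any"): "assumed to accept every listed value, including 3des and null",
}

def parse(text):
    """Return the settings of one ike-sainfo instance, defaults filled in."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and (parts[0] in DEFAULTS or parts[0] == "name"):
            cfg[parts[0]] = parts[1].strip()
    return cfg

def audit(cfg):
    """Return a sorted list of findings for one parsed instance."""
    findings = [f"{k}={v}: {why}" for (k, v), why in FLAGGED.items() if cfg.get(k) == v]
    if cfg["ipsec-mode"] != "tunnel":
        for k in ("tunnel-local-addr", "tunnel-remote-addr"):
            if cfg[k] != DEFAULTS[k]:
                findings.append(f"{k}={cfg[k]}: ignored unless ipsec-mode is tunnel")
    return sorted(findings)

# Constructed sample instance (address taken from the documentation range).
SAMPLE = """\
ike-sainfo
    name                 lab
    security-protocol    esp-null
    auth-algo            any
    tunnel-local-addr    192.0.2.10
"""

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```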
Path
ike-sainfo is a subelement under the ike element. The full path from the topmost ACLI prompt is: security > ike > ike-sainfo.
Note:
This is a multiple instance configuration element.
Configures an ike-sainfo instance named star.
The default value for tunnel-remote-addr (*) matches all IPv4 addresses.
Non-default values specify IPsec tunnel mode running ESP, and identify the local tunnel endpoint.