ipsec > security-association > manual
The manual subelement is where you manually configure a security association on the Oracle Communications Session Border Controller.
Parameters
- name
- Enter the name for this security policy
- spi
- Set the security parameter index
- Default: 256
- Values: Min: 256 / Max: 4294967295
- network-interface
- Enter the network interface and VLAN where this security association applies in the form of: interface_name:VLAN
- local-ip-address
- Enter the local IP address to match for traffic selectors for this SA
- remote-ip-addr
- Enter the remote IP address to match for traffic selectors for this SA
- local-port
- Enter the local port to match for traffic selectors for this SA
- remote-port
- Enter the remote port to match for traffic selectors for this SA
- Default: 0
- Values: Min: 0 (disabled) | Max: 65535
- trans-protocol
- Select the transport protocol to match for traffic selectors
for this SA
- Default: ALL
- Values: UDP | TCP | ALL | ICMP
- ipsec-protocol
- Select the IPsec protocol used for this SA
- Default: esp
- Values: esp | ah
- direction
- Set the direction of traffic this security association can apply
to
- Default: both
- Values: in | out | both
- ipsec-mode
- Select the IPsec mode of this SA
- Default: transport
- Values: tunnel | transport
- auth-algo
- Select the IPsec authentication algorithm for this SA
- Default: hmac-sha-512
- Values: hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | null
- enrc-algo
- Enter the IPsec encryption algorithm for this SA
- Default: null
- Values: null | aes-128-cbc | aes-256-cbc | aes-128-ctr | aes-256-ctr
- auth-key
- Enter the authentication key for the previously chosen authentication algorithm for this SA
- encr-key
- Enter the encryption key for the previously chosen encryption algorithm for this SA
- aes-ctr-nonce
- Enter the AES nounce. This only applies if aes-128-ctr or
aes-256-ctr are chosen as your encryption algorithm.
- Default: 0
- tunnel-mode
- Enter the tunnel-mode subelement
Path
security-association is a subelement under the ipsec element. The full path from the topmost ACLI prompt is:configure-terminal > security > ipsec > security-association