Session-key, Set-pfs – Carrier Access Adit 3000 Series and Multi-Service Router (MSR) Card User Manual
Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI
Configuration - IPSec Mode
session-key
Use the IPSec session-key command to specify the parameters needed during manual key exchange
(ipsec-manual).
Syntax:
(config-ipsec-{n})# session-key {inbound|outbound} ah spi authentication [md5|sha] hex-key-data
Example:
(config-ipsec-1)# session-key outbound ah 256 authentication md5 0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f
Supported Platforms:
Adit 3104, Adit 3200, Adit 3500, MSR
set-pfs
Use the IPSec set-pfs command to enable Perfect Forward Secrecy.
Syntax:
(config-ipsec-{n})# set-pfs {1|2|5|phase1}
Example:
(config-ipsec-1)# set-pfs phase1
Supported Platforms:
Adit 3104, Adit 3200, Adit 3500, MSR
session-key fields:
Field          Definition
inbound        Set the inbound (local) IPSec key.
outbound       Set the outbound (remote) IPSec key.
ah spi         Set the Authentication Header Security Parameter Index. Range: 100-FFF.
md5            Set authentication to MD5.
sha            Set authentication to Secure Hash Algorithm.
hex-key-data   MD5 or SHA authentication key in hex. String length must be 40.
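An added example (not from the Carrier Access manual): a Python helper that builds matching session-key lines for two peers from the fields above, drawing a random key per direction instead of a patterned value. It assumes the 100-FFF SPI range is hexadecimal and that, as in IPSec manual keying generally, one peer's outbound SPI and key must match the other peer's inbound ones; all function names are hypothetical.

```python
import re
import secrets

# Constraints taken from the session-key syntax and field definitions.
AUTH_ALGS = ("md5", "sha")
KEY_HEX_LEN = 40                  # "String length must be 40"
SPI_MIN, SPI_MAX = 0x100, 0xFFF   # assumption: the 100-FFF range is hexadecimal

def new_key():
    """Return 40 random hex characters (160 bits) from the OS CSPRNG."""
    return secrets.token_hex(KEY_HEX_LEN // 2)

def check_key(key):
    """Return a list of problems with a hex-key-data value (empty if none)."""
    problems = []
    if len(key) != KEY_HEX_LEN:
        problems.append("length is %d, must be %d" % (len(key), KEY_HEX_LEN))
    if not re.fullmatch(r"[0-9a-fA-F]*", key):
        problems.append("contains non-hex characters")
    elif len(set(re.findall("..", key.lower()))) == 1:
        # One byte repeated, like a documentation sample: not a secret.
        problems.append("single repeated byte")
    return problems

def session_key_cmd(direction, spi, alg, key):
    """Build one session-key line; reject values outside the documented fields."""
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be inbound or outbound")
    if alg not in AUTH_ALGS:
        raise ValueError("authentication must be md5 or sha")
    if not re.fullmatch(r"[0-9a-fA-F]{3}", spi) or not SPI_MIN <= int(spi, 16) <= SPI_MAX:
        raise ValueError("spi must be in 100-FFF")
    problems = check_key(key)
    if problems:
        raise ValueError("bad hex-key-data: " + "; ".join(problems))
    return "session-key %s ah %s authentication %s %s" % (direction, spi, alg, key)

def peer_pair(spi_a_to_b, spi_b_to_a, alg="sha"):
    """Return (lines for peer A, lines for peer B) with a fresh key per direction."""
    k_ab, k_ba = new_key(), new_key()
    a = [session_key_cmd("outbound", spi_a_to_b, alg, k_ab),
         session_key_cmd("inbound", spi_b_to_a, alg, k_ba)]
    b = [session_key_cmd("inbound", spi_a_to_b, alg, k_ab),
         session_key_cmd("outbound", spi_b_to_a, alg, k_ba)]
    return a, b

if __name__ == "__main__":
    for name, lines in zip(("peer A", "peer B"), peer_pair("256", "257")):
        print(name, *lines, sep="\n  ")
```

The generated lines contain live key material, so treat the output like any other secret.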
set-pfs fields:
Field          Definition
1              Use DH group 1 (768 bit).
2              Use DH group 2 (1024 bit).
5              Use DH group 5 (1536 bit).
phase1         Use the same settings as the Phase 1 group settings.