Patton electronic SmartNode 4110 Series ユーザーズマニュアル
VPN configuration task list
366
SmartWare Software Configuration Guide
32 • VPN configuration
Procedure: To create an IPsec policy profile
Mode: Configure
Step
Command
Purpose
1
node(cfg)#profile ipsec-policy-man-
ual name
ual name
Creates the IPsec policy profile name
2
node(pf-ipstr)[name]#use profile
ipsec-transform name
ipsec-transform name
Selects the IPsec transformation profile to be
applied
applied
3
optional
node(pf-ipstr)[name]#session-key
{ inbound | outbound }
{ ah-aauthentication | esp-
authentication | esp-encryption } key
{ inbound | outbound }
{ ah-aauthentication | esp-
authentication | esp-encryption } key
Sets a key for encryption or an authenticator for
authentication, either for inbound or outbound
direction. The key shall consist of hexadecimal
digits (0..9, A..F); one digit holds 4 Bit of key
information.
The key setting must match definitions in the
respective IPsec transformation profile. In particu-
lar, the length of the key or authenticator must
match the implicit (see section
authentication, either for inbound or outbound
direction. The key shall consist of hexadecimal
digits (0..9, A..F); one digit holds 4 Bit of key
information.
The key setting must match definitions in the
respective IPsec transformation profile. In particu-
lar, the length of the key or authenticator must
match the implicit (see section
explicit specification.
Keys must be available for inbound and out-
bound directions. They can be different for the
two directions. Make sure that the inbound key
of one peer matches the outbound key of the
other peer.
Keys must be available for inbound and out-
bound directions. They can be different for the
two directions. Make sure that the inbound key
of one peer matches the outbound key of the
other peer.
4
node(pf-ipstr)[name]#spi
{ inbound | outbound } { ah | esp } spi
{ inbound | outbound } { ah | esp } spi
Sets the SPI for encryption (esp) or authentication
(ah), either for inbound or outbound direction.
The SPI shall be a decimal figure in the range
1..2
(ah), either for inbound or outbound direction.
The SPI shall be a decimal figure in the range
1..2
32
–1.
SPIs must be available for encryption and/or
authentication as specified in the respective IPsec
transformation profile.
SPIs must be available for inbound and outbound
directions. They can be identical for the two
directions but must be unique in one direction.
Make sure that the inbound SPI of one peer
matches the outbound SPI of the other peer.
authentication as specified in the respective IPsec
transformation profile.
SPIs must be available for inbound and outbound
directions. They can be identical for the two
directions but must be unique in one direction.
Make sure that the inbound SPI of one peer
matches the outbound SPI of the other peer.
5
node(pf-ipstr)[name]#peer ip-address
Sets the IP address of the peer
Note
The peers of the secured
communication must have
static IP address. DNS reso-
lution is not available yet.
communication must have
static IP address. DNS reso-
lution is not available yet.
6
node(pf-ipstr)[name]#mode
{ tunnel | transport }
{ tunnel | transport }
Selects tunnel or transport mode