Cisco Packet Data Gateway (PDG)
FA Service Configuration Mode Commands
fa-ha-spi
Command Line Interface Reference, StarOS Release 16
+
More than one of the above keywords can be entered within a single command.
Usage
An SPI is a security mechanism configured and shared by the FA service and the HA. Please refer to RFC
2002 for additional information.
Though it is possible for FAs and HAs to communicate without SPIs being configured, the use of them is
recommended for security purposes. It is also recommended that a “default” SPI with a remote address of
0.0.0.0/0 be configured on both the HA and FA to prevent hackers from spoofing addresses.
Important:
The SPI configuration on the HA must match the SPI configuration for the FA service on the system
in order for the two devices to communicate properly.
A maximum of 2,048 SPIs can be configured per FA service.
Use the no version of this command to delete a previously configured SPI.
Example
The following command configures the FA service to use an SPI of 512 when communicating with an HA with the IP address 192.168.0.2. The key that would be shared between the HA and the FA service is q397F65. When communicating with this HA, the FA service will also be configured to use the rfc2002-md5 hash-algorithm.
fa-ha-spi remote-address 192.168.0.2 spi-number 512 secret q397F65 hash-algorithm rfc2002-md5
The following command deletes the configured SPI of 400 for an HA with an IP address of 172.100.3.200:
no fa-ha-spi remote-address 172.100.3.200 spi-number 400
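How the values in this command are used on the wire, as an added example (not Cisco's code and not part of the original reference): RFC 2002's default keyed-MD5 "prefix+suffix" authenticator carried in a Foreign-Home Authentication Extension, using the SPI 512 and secret q397F65 from the example above. It assumes the rfc2002-md5 option selects that RFC 2002 algorithm; the function names, the SPI table and the sample Registration Request fields are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

FA_HA_AUTH_EXT = 34   # Foreign-Home Authentication Extension type (RFC 2002)
EXT_LEN = 22          # Type(1) + Length(1) + SPI(4) + 16-byte MD5 authenticator

def keyed_md5(secret: bytes, protected: bytes) -> bytes:
    """RFC 2002 default authenticator: MD5(secret || protected fields || secret)."""
    return hashlib.md5(secret + protected + secret).digest()

def add_fa_ha_auth(message: bytes, spi: int, secret: bytes) -> bytes:
    """FA side: append the extension. The digest covers the message so far
    plus this extension's Type, Length and SPI fields."""
    header = struct.pack("!BBI", FA_HA_AUTH_EXT, 4 + 16, spi)
    return message + header + keyed_md5(secret, message + header)

def verify_fa_ha_auth(packet: bytes, spi_table: dict) -> bool:
    """HA side: select the secret by SPI, recompute the digest and compare
    in constant time. Unknown SPI or any mismatch rejects the message."""
    if len(packet) < EXT_LEN:
        return False
    body, ext = packet[:-EXT_LEN], packet[-EXT_LEN:]
    ext_type, length, spi = struct.unpack("!BBI", ext[:6])
    if ext_type != FA_HA_AUTH_EXT or length != 20:
        return False
    secret = spi_table.get(spi)          # hypothetical table: SPI -> shared secret
    if secret is None:
        return False
    return hmac.compare_digest(keyed_md5(secret, body + ext[:6]), ext[6:])

# Constructed Registration Request fixed part (type 1, flags 0, lifetime 1800 s).
# The HA address is the one from the example above; the rest is sample data.
REQUEST = struct.pack(
    "!BBH4s4s4sQ", 1, 0, 1800,
    socket.inet_aton("10.0.0.5"),        # home address (constructed)
    socket.inet_aton("192.168.0.2"),     # home agent
    socket.inet_aton("192.168.0.1"),     # care-of address (constructed)
    0x0123456789ABCDEF,                  # identification (constructed)
)

if __name__ == "__main__":
    pkt = add_fa_ha_auth(REQUEST, 512, b"q397F65")
    print("matching SPI config:  ", verify_fa_ha_auth(pkt, {512: b"q397F65"}))
    print("different secret:     ", verify_fa_ha_auth(pkt, {512: b"other"}))
    print("SPI not configured:   ", verify_fa_ha_auth(pkt, {400: b"q397F65"}))
```

The second and third checks fail for the reason given in the Important note: the verifier can only reproduce the digest when its SPI number and secret are identical to the sender's.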