session-key

crypto-map-ipsec-manual-instance

Defines the encryption and authentication keys for this crypto map.

Supported on the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

session-key [inbound|outbound] [ah|esp] <256-4294967295>
session-key [inbound|outbound] ah <256-4294967295> [0|2|authenticator [md5|sha]] <WORD>
session-key [inbound|outbound] esp <256-4294967295> [0|2|cipher [3des|aes|aes-192|aes-256|des|esp-null]] <WORD> authenticator [md5|sha] <WORD>

Parameters

session-key [inbound|outbound] ah <256-4294967295> [0|2|authenticator [md5|sha]] <WORD>
session-key [inbound|outbound] – Defines the manual inbound and outbound security association key parameters
ah <256-4294967295> – Configures Authentication Header (AH) as the security protocol for the security session
  • <256-4294967295> – Sets the SPI for the security association from 256 - 4294967295

The SPI (in combination with the destination IP address and security protocol) identifies the security association.

[0|2|authenticator [md5|sha] <WORD>] – Specifies the key type
  • 0 – Sets a clear text key
  • 2 – Sets an encrypted key
  • authenticator – Sets AH authenticator details
    • md5 <WORD> – AH with MD5 authentication
    • sha <WORD> – AH with SHA authentication
      • <WORD> – Sets the security association key value. The following key lengths (in hex characters) are required (without the leading 0x). AH-MD5: 32, AH-SHA: 40
session-key [inbound|outbound] esp <256-4294967295> [0|2|cipher [3des|aes|aes-192|aes-256|des|esp-null]] <WORD> authenticator [md5|sha] <WORD>
session-key [inbound|outbound] – Defines the manual inbound and outbound security association key parameters
esp <256-4294967295> – Configures Encapsulating Security Payload (ESP) as the security protocol for the security session. This is the default setting.
  • <256-4294967295> – Sets the SPI for the security association from 256 - 4294967295

The SPI (in combination with the destination IP address and security protocol) identifies the security association.

[0|2|cipher [3des|aes|aes-192|aes-256|des|esp-null]]
  • 0 – Sets a clear text key
  • 2 – Sets an encrypted key
  • cipher – Sets encryption/decryption key details
    • 3des – ESP with 3DES encryption
    • aes – ESP with AES encryption
    • aes-192 – ESP with AES-192 encryption
    • aes-256 – ESP with AES-256 encryption
    • des – ESP with DES encryption
    • esp-null – ESP with no encryption
  • authenticator – Specifies ESP authenticator details
    • md5 <WORD> – ESP with MD5 authentication
    • sha <WORD> – ESP with SHA authentication
      • <WORD> – Sets the security association key value. The following key lengths (in hex characters) are required (without the leading 0x). AH-MD5: 32, AH-SHA: 40

Example

nx9500-6C8809(config-profile-default-rfs4000-cryptomap-map1#1)#session-key inbound esp 273 cipher esp-null authenticator sha 58768979

nx9500-6C8809(config-profile-default-rfs4000-cryptomap-map1#1)#show context
 crypto map map1 1 ipsec-manual
  peer 172.16.10.2
  mode transport
  session-key inbound esp 273 0 cipher esp-null authenticator sha 58768979
nx9500-6C8809(config-profile-default-rfs4000-cryptomap-map1#1)#
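
The following is an added example, not part of the original reference or of the product: a small Python check that audits session-key lines copied from show context against the SPI range and authenticator key lengths listed under Parameters. The function name, the finding texts and the second sample line are assumptions made for illustration.

```python
import re

# Values taken from this page: SPI range and authenticator key lengths (hex chars).
SPI_MIN, SPI_MAX = 256, 4294967295
AUTH_HEX_LEN = {"md5": 32, "sha": 40}

def audit_session_key(line):
    """Return a list of findings for one 'session-key' line from 'show context'."""
    tok = line.split()
    if (len(tok) < 4 or tok[0] != "session-key"
            or tok[1] not in ("inbound", "outbound") or tok[2] not in ("ah", "esp")):
        return ["not a session-key line"]
    findings = []
    if not (tok[3].isdigit() and SPI_MIN <= int(tok[3]) <= SPI_MAX):
        findings.append(f"SPI {tok[3]} is outside {SPI_MIN}-{SPI_MAX}")
    rest = tok[4:]
    # 'show context' on this page prints 0 when no key type was entered,
    # so a missing type is treated as clear text.
    key_type = rest.pop(0) if rest and rest[0] in ("0", "2") else "0"
    if key_type == "0":
        findings.append("key is stored as clear text (type 0)")
    if tok[2] == "esp" and "esp-null" in rest[:2]:
        findings.append("cipher esp-null: ESP payload is not encrypted")
    if "authenticator" not in rest or len(rest) < rest.index("authenticator") + 3:
        findings.append("authenticator algorithm or key is missing")
        return findings
    i = rest.index("authenticator")
    algo, key = rest[i + 1], rest[i + 2]
    want = AUTH_HEX_LEN.get(algo)
    if want is None:
        findings.append(f"unknown authenticator '{algo}'")
    # Assumption: the hex-length rule applies to clear-text keys only;
    # the stored form of a type 2 (encrypted) key is not checked.
    elif key_type == "0" and not re.fullmatch(rf"[0-9a-fA-F]{{{want}}}", key):
        findings.append(f"{algo} key must be {want} hex characters, got {len(key)}")
    return findings

# Sample input: the first line is the 'show context' line from this page,
# the second is constructed (its key values are placeholders).
SAMPLES = [
    "session-key inbound esp 273 0 cipher esp-null authenticator sha 58768979",
    "session-key outbound esp 100 0 cipher aes-256 " + "ab" * 32
    + " authenticator md5 " + "0f" * 16,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[:60], "->", audit_session_key(s))
```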