session-key

Defines encryption and authentication keys for this crypto map

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

session-key [inbound|outbound] [ah|esp] <256-4294967295>

session-key [inbound|outbound] ah <256-4294967295> [0|2|authenticator [md5|sha]] <WORD>

session-key [inbound|outbound] esp <256-4294967295> [0|2|cipher [3des|aes|aes-192|aes-256|des|esp-null]] <WORD> authenticator [md5|sha] <WORD>

Parameters

session-key [inbound|outbound] ah <256-4294967295> [0|2|authenticator [md5|sha]] <WORD>


session-key [inbound\|outbound]	Defines the manual inbound and outbound security association key parameters
ah <256-4294967295>	Configures authentication header (AH) as the security protocol for the security session <256-4294967295> – Sets the SPI for the security association from 256 - 4294967295 The SPI (in combination with the destination IP address and security protocol) identifies the security association.
[0\|2\|authenticator [md5\|sha] <WORD>]	Specifies the key type 0 – Sets a clear text key 2 – Sets an encrypted key authenticator – Sets AH authenticator details md5 <WORD> – AH with MD5 authentication sha <WORD> – AH with SHA authentication <WORD> – Sets security association key value. The following key lengths (in hex characters) are required (w/o leading 0x).AH-MD5: 32, AH-SHA: 40

session-key [inbound|outbound] esp <256-4294967295> [0|2|cipher [3des|aes|aes-192|aes-256|des|esp-null]] <WORD> authenticator [md5|sha] <WORD>


session-key [inbound\|outbound]	Defines the manual inbound and outbound security association key parameters
esp <256-4294967295>	Configures Encapsulating Security Payloads (ESP) as the security protocol for the security session. This is the default setting. <256-4294967295> – Sets the SPI for the security association from 256 - 4294967295 The SPI (in combination with the destination IP address and security protocol) identifies the security association.
[0\|2\|cipher [3des\|aes\|aes-192\| aes-256\|des\| esp-null]]	0 – Sets a clear text key 2 – Sets an encrypted key cipher – Sets encryption/decryption key details 3des – ESP with 3DES encryption aes – ESP with AES encryption aes-192 – ESP with AES-192 encryption aes-256 – ESP with AES-256 encryption des – ESP with DES encryption esp-null – ESP with no encryption authenticator – Specify ESP authenticator details md5 <WORD> – ESP with MD5 authentication sha <WORD> – ESP with SHA authentication <WORD> – Sets security association key value. The following key lengths (in hex characters) are required (w/o leading 0x).AH-MD5: 32, AH-SHA: 40

Example

nx9500-6C8809(config-profile-default-ap8533-cryptomap-map1#1)#session-key inbound esp 273 cipher esp-null authenticator sha 58768979

nx9500-6C8809(config-profile-default-ap8533-cryptomap-map1#1)#show context
 crypto map map1 1 ipsec-manual
  peer 172.16.10.2
  mode transport
  session-key inbound esp 273 0 cipher esp-null authenticator sha 58768979
nx9500-6C8809(config-profile-default-ap8533-cryptomap-map1#1)#