3Com 11.1 Network Router User Manual


 
When you specify a key that is too short, the policy binding operation generates an error message informing you of the key length discrepancy, and the key is rejected. If this occurs, you will need to delete the specified key and reenter a key of the appropriate length.
Values

key_set_name: A name you assign to the key set you are adding. <key_set_name> can be from 1 to 128 characters long but cannot be none, NONE, all or ALL.
encrypt_key, auth_key: An ASCII text string or a string of hexadecimal numbers.

ManualKeyInfo

Syntax

SETDefault !<portlist> -IPSEC ManualKeyInfo <policy_name> (<key_set_name> | NONE) [SpiEsp <spi_in> <spi_out>] [SpiAh <spi_in> <spi_out>]
SHow !<portlist> -IPSEC ManualKeyInfo [<policy_name>]

Description

The ManualKeyInfo parameter adds manual keying information to an IPSEC policy and key set. Only one ManualKeyInfo command can be applied to each policy. To change the manual keying information after it has been applied to a policy, you must first delete the information using NONE as the key set name, then add the new information using ADD.

The ManualKeyInfo parameter creates one or two pairs of security associations between the local router and the destination router.

Values

policy_name: A name you assigned to a policy you added using the POLicy parameter.
key_set_name | NONE: A name you assigned to a key set you added using the KeySet parameter. If you specify NONE, all manual key information is erased.
spi_in: A number in the range 256 to 2000. All spi_in values must be unique on a system. spi_in must match the spi_out value specified at the peer system at the other end of the security association.
spi_out: A number in the range 256 to 2147483647. spi_out must match the spi_in value specified at the peer system at the other end of the security association.

manualPOLicy

Syntax

ADD !<portlist> -IPSEC manualPOLicy <policy_name> <action> <filters> <src_ipaddr/mask> (<dst_ipaddr/mask> | DYNamic) [<encrypt_algorithms>] [<auth_algorithms>]
<action> : AhEspXport | AhXport | EspXport
<filters> : list of the following values separated by commas:
  GRE, ICMP, OSPF,
  TCP [(<src_port>,<dst_port>)...up to 16 pairs],
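
Added example, not part of the 3Com manual: a Python check that applies the ManualKeyInfo rules (one ManualKeyInfo per policy, the spi_in and spi_out ranges, unique spi_in values, and each router's spi_in matching its peer's spi_out) to the SETDefault commands planned for two routers. The sample commands are constructed, and the check assumes both routers use the same policy name.

```python
import re

# Command grammar copied from the manual's ManualKeyInfo syntax line.
CMD = re.compile(r"SETDefault\s+!\S+\s+-IPSEC\s+ManualKeyInfo\s+(?P<policy>\S+)\s+(?P<keyset>\S+)"
                 r"(?:\s+SpiEsp\s+(?P<esp_in>\d+)\s+(?P<esp_out>\d+))?"
                 r"(?:\s+SpiAh\s+(?P<ah_in>\d+)\s+(?P<ah_out>\d+))?\s*$", re.IGNORECASE)
SPI_IN = range(256, 2001)           # spi_in: 256 to 2000
SPI_OUT = range(256, 2147483648)    # spi_out: 256 to 2147483647

def parse(lines):
    """Return ({policy: {proto: (spi_in, spi_out)}}, errors) for one router's commands."""
    sas, errors = {}, []
    for line in lines:
        m = CMD.match(line.strip())
        if not m:
            errors.append(f"unparsed: {line!r}")
            continue
        if m["keyset"].upper() == "NONE":    # NONE erases the policy's manual key information
            sas.pop(m["policy"], None)
            continue
        if m["policy"] in sas:               # only one ManualKeyInfo per policy
            errors.append(f"{m['policy']}: ManualKeyInfo already set, erase it with NONE first")
        pairs = {p: (int(m[p + "_in"]), int(m[p + "_out"])) for p in ("esp", "ah") if m[p + "_in"]}
        for proto, (spi_in, spi_out) in pairs.items():
            if spi_in not in SPI_IN or spi_out not in SPI_OUT:
                errors.append(f"{m['policy']}/{proto}: SPI out of range")
        sas[m["policy"]] = pairs
    ins = [pair[0] for pairs in sas.values() for pair in pairs.values()]
    errors += [f"spi_in {s} is not unique" for s in sorted(set(ins)) if ins.count(s) > 1]
    return sas, errors

def check_peers(local, remote):
    """Each side's spi_in must equal the other side's spi_out (policy names assumed equal)."""
    errors = []
    keys = {(pol, proto) for side in (local, remote) for pol in side for proto in side[pol]}
    for pol, proto in sorted(keys):
        a, b = local.get(pol, {}).get(proto), remote.get(pol, {}).get(proto)
        if a is None or b is None:
            errors.append(f"{pol}/{proto}: configured on one router only")
        elif a != b[::-1]:
            errors.append(f"{pol}/{proto}: local {a} does not mirror peer {b}")
    return errors

# Constructed sample commands: port numbers, policy and key set names, and SPIs are made up.
ROUTER_A = ["SETDefault !1 -IPSEC ManualKeyInfo branch ks1 SpiEsp 300 301 SpiAh 400 401"]
ROUTER_B = ["SETDefault !2 -IPSEC ManualKeyInfo branch ks1 SpiEsp 301 300 SpiAh 401 410"]

if __name__ == "__main__":
    print(check_peers(parse(ROUTER_A)[0], parse(ROUTER_B)[0]))
```

Because every spi_out has to equal a spi_in on the peer, a spi_out above 2000 passes the local range check but fails on a peer that enforces the same spi_in range.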