This section details the commands to configure an IPsec Peer. See IPsec for Signaling for an in-depth description of the feature.
Command Syntax
Mandatory parameters required to configure an IPsec peer:
% set addressContext <addressContext name> ipsec peer <peer name> ipAddress <ipAddress> localIdentity <fqdn | ipV4Addr | ipV6Addr> preSharedKey <DES3 encrypted string>
Optional parameters:
% set addressContext <addressContext name> ipsec peer <peer name>
    authType <psk | rsaSig>
    localCertificate <sbcCertName>
    remoteCertificate <peerCertName>
    remoteCaCertificate <caCertName1>
    protectionProfile <profile_name>
    protocol <any | ikev1 | ikev2>
    remoteIdentity <fqdn | ipV4Addr | ipV6Addr>
Command Parameters
IPsec Peer Parameters
Parameter | Length/Range | Description |
---|---|---|
Mandatory peer parameter descriptions for IPsec Peer | ||
<peer name> | 1-23 | Specifies the name of the Internet Key Exchange (IKE) peer database entry. This name identifies an entry in the IKE Peer Database (IPD). The IPD is a list of remote devices that may become IPsec peers. The IPD establishes the authentication and other phase 1 criteria for the peer-to-peer negotiation to eventually reach an IKE Security Association (SA) between this specific peer and the SBC. |
ipAddress | N/A | Specifies the IPv4 or IPv6 address of the peer. |
localIdentity | N/A | Specifies the local identity type that the SBC will assert to the peer during phase 1 authentication. NOTE: The |
preSharedKey | 32-128 alphanumeric | Specifies the pre-shared secret key with this peer. The SBC accepts the pre-shared key in the following formats: In either case the given value represents a "pre-shared secret" between the SBC and the IKE peer. This value is used for mutual authentication for phase 1 negotiation to set up an IKE Security Association. NOTE: Ribbon strongly recommends using unpredictable (difficult to guess) values. Use a unique value for each IKE peer. This string is never displayed in plaintext when using the |
authType | N/A | The authentication method: pre-shared key (psk) or RSA signature (rsaSig). |
localCertificate | N/A | The name of the local (SBC) certificate. |
remoteCertificate | N/A | The name of the remote (IPsec peer) certificate. |
Optional peer parameter descriptions for IPsec Peer | ||
protectionProfile | N/A | Specifies the name of the IKE protection profile to apply to the Internet Key Exchange with this peer. |
protocol | N/A | Use this object to specify the Internet Key Exchange (IKE) protocol to use to set up a Security Association (SA) for this IPsec peer. NOTE: Prior to release 4.2, the default value was |
remoteIdentity | N/A | Specifies the remote identity that the SBC will assert to the peer during phase 1 authentication. NOTE: The |
remoteCaCertificate | N/A | The name of the remote CA certificate referred to by the IPsec peer entry. |
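The preSharedKey constraints in the table above (32-128 alphanumeric characters, unpredictable, unique per IKE peer) can be checked before keys are entered on the SBC. The following Python is an added example, not Ribbon code; the plaintext provisioning inventory, the function names and the distinct-character heuristic are assumptions of this example.

```python
import secrets
import string
from collections import defaultdict

ALPHANUM = string.ascii_letters + string.digits
PSK_MIN, PSK_MAX = 32, 128   # "32-128 alphanumeric" in the parameter table
NAME_MIN, NAME_MAX = 1, 23   # peer name length in the parameter table
MIN_DISTINCT = 10            # assumption: crude guessability heuristic, not a Ribbon rule


def generate_psk(length=64):
    """Return an unpredictable alphanumeric pre-shared key from the OS CSPRNG."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError(f"PSK length must be {PSK_MIN}-{PSK_MAX}")
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def audit_peers(peers):
    """Check a {peer name: plaintext PSK} inventory; return sorted (peer, finding) pairs."""
    findings = []
    users = defaultdict(list)
    for name, psk in peers.items():
        users[psk].append(name)
        if not NAME_MIN <= len(name) <= NAME_MAX:
            findings.append((name, "peer name length outside 1-23"))
        if not PSK_MIN <= len(psk) <= PSK_MAX:
            findings.append((name, "PSK length outside 32-128"))
        if not (psk.isascii() and psk.isalnum()):
            findings.append((name, "PSK is not alphanumeric"))
        if len(set(psk)) < MIN_DISTINCT:
            findings.append((name, "PSK has too few distinct characters"))
    for names in users.values():          # flag every peer that reuses a key
        for name in names:
            others = sorted(n for n in names if n != name)
            if others:
                findings.append((name, "PSK shared with " + ", ".join(others)))
    return sorted(findings)


# Constructed sample inventory (not real keys).
SAMPLE_PEERS = {
    "peer1": "a" * 40,
    "peer2": "12345678",
    "peer3": "Zq7mR2vX9bL4tK8sW1yN6cD3fH5gJ0pA",
    "peer4": "Zq7mR2vX9bL4tK8sW1yN6cD3fH5gJ0pA",
}

if __name__ == "__main__":
    for peer, finding in audit_peers(SAMPLE_PEERS):
        print(f"{peer}: {finding}")
```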
Command Example
The following example creates an IPsec peer named "peer2":
% set addressContext default ipsec peer peer2 ipAddress 10.20.30.140 preSharedKey 12345678 localIdentity type ipV4Addr ipAddress 10.20.30.134
% show addressContext default ipsec peer peer2
{
    ipAddress 10.20.30.140;
    localIdentity {
        type ipV4Addr;
        ipAddress 10.20.30.134;
    }
    preSharedKey $3$jCFw27QxeFA9KSe4Ym01FechIP3sXsZY;