This profile specify an encryption cipher, a maximum time period for maintaining a security association between these peers (the SA "lifetime"), and an anti-replay policy. The three profiles are prioritized from one to three for usage with the SPD entry.
Command Syntax
% set profiles security ipsecProtectionProfile <profile name> espAlgorithms encryption <_3DesCbc | aesCbc128 | null> integrity <hmacMd5 | hmacSha1 | hmacSha256 | hmacSha384 | hmacSha512> saLifetimeByte <10000-4294967295 (in bytes), or unlimited> saLifetimeTime <1200-1000000 (in seconds)> % show profiles security ipsecProtectionProfile <profile name> displaylevel <displaylevel> espAlgorithms encryption integrity saLifetimeByte saLifetimeTime % delete profiles security ipsecProtectionProfile <profile name>
Command Parameters
The IPsec Protection Profile Parameters are as shown below:
IPsec Protection Profile Parameters
Parameter | Length/Range | Description |
|---|---|---|
| 1-23 | The name of the IPsec Protection Profile. This profile establishes the encryption algorithm, the maximum SA lifetime, and the replay rules for an SPD entry. These properties are used by the SBC when it forms an IPsec Security Association with a peer. |
| N/A | The IPsec Protection Profile ESP protocol cipher configurations.
|
| 10000-4294967295 | IPsec Protection Profile SA Lifetime setting in number of bytes. (default = unlimited) |
| 1200-1000000 | The SA Lifetime setting, in seconds. This is the maximum interval that any one Security Association will be maintained before possible re-keying. This parameter applies to the IKE SA when it appears in the IKE Protection Profile and to the IPsec SA when it appears in the IPsec Protection Profile. (default = 28800, which corresponds to 8 hours) |
Command Example
% show profiles security ipsecProtectionProfile
AesSha1IpsecProfile
{
saLifetimeTime 28800;
saLifetimeByte unlimited;
espAlgorithms
{
encryption null,_3DesCbc,aesCbc128;
integrity hmacSha1;
}
}
Overview
Content Tools