This profile specify an encryption cipher, a maximum time period for maintaining a security association between these peers (the SA "lifetime"), and an anti-replay policy. The three profiles are prioritized from one to three for usage with the SPD entry.

Command Syntax

% set profiles security ipsecProtectionProfile <profile name> 
	espAlgorithms 
		encryption <_3DesCbc | aesCbc128 | null> 
		integrity <hmacMd5 | hmacSha1 | hmacSha256 | hmacSha384 | hmacSha512> 
	saLifetimeByte <10000-4294967295 (in bytes), or unlimited> 
	saLifetimeTime <1200-1000000 (in seconds)>   
% show profiles security ipsecProtectionProfile <profile name> 
	displaylevel <displaylevel> 
	espAlgorithms 
		encryption 
		integrity 
	saLifetimeByte 
	saLifetimeTime   
% delete profiles security ipsecProtectionProfile <profile name> 

Command Parameters

The IPsec Protection Profile Parameters are as shown below:

IPsec Protection Profile Parameters

Parameter

Length/Range

Description

ipsecProtectionProfile

1-23

The name of the IPsec Protection Profile. This profile establishes the encryption algorithm, the maximum SA lifetime, and the replay rules for an SPD entry. These properties are used by the SBC when it forms an IPsec Security Association with a peer.

espAlgorithms

N/A

The IPsec Protection Profile ESP protocol cipher configurations.

  • encryption – The IPsec Protection Profile Encryption Cipher.
    • _3DesCbc
    • aesCbc128 (default)
    • null
  • integrity – The IPsec Protection Profile Integrity Cipher.
    • hmacMd5
    • hmacSha1 (default)
    • hmacSha256
    • hmacSha384
    • hmacSha512

saLifetimeByte

10000-4294967295

IPsec Protection Profile SA Lifetime setting in number of bytes. (default = unlimited)

saLifetimeTime

1200-1000000

The SA Lifetime setting, in seconds. This is the maximum interval that any one Security Association will be maintained before possible re-keying. This parameter applies to the IKE SA when it appears in the IKE Protection Profile and to the IPsec SA when it appears in the IPsec Protection Profile. (default = 28800, which corresponds to 8 hours)

Command Example

% show profiles security ipsecProtectionProfile 
 AesSha1IpsecProfile 
	{ 
	saLifetimeTime 28800; 
	saLifetimeByte unlimited; 
	espAlgorithms 
	{ 
		encryption null,_3DesCbc,aesCbc128; 
		integrity hmacSha1; 
	} 
	}