This profile specify an encryption cipher, a maximum time period for maintaining a security association between these peers (the SA "lifetime"), and an anti-replay policy. The three profiles are prioritized from one to three for usage with the SPD entry.
% set profiles security ipsecProtectionProfile <profile name> espAlgorithms encryption <_3DesCbc | aesCbc128 | null> integrity <hmacMd5 | hmacSha1 | hmacSha256 | hmacSha384 | hmacSha512> saLifetimeByte <10000-4294967295 (in bytes), or unlimited> saLifetimeTime <1200-1000000 (in seconds)> % show profiles security ipsecProtectionProfile <profile name> displaylevel <displaylevel> espAlgorithms encryption integrity saLifetimeByte saLifetimeTime % delete profiles security ipsecProtectionProfile <profile name>
The IPsec Protection Profile Parameters are as shown below:
% show profiles security ipsecProtectionProfile AesSha1IpsecProfile { saLifetimeTime 28800; saLifetimeByte unlimited; espAlgorithms { encryption null,_3DesCbc,aesCbc128; integrity hmacSha1; } }