Parameter | Length/Range | Description |
---|
Mandatory peer parameter descriptions for IPsec Peer
|
peer
| 1-23 | Specifies the name of the Internet Key Exchange (IKE) peer database entry. This name identifies an entry in the IKE Peer Database (IPD). The IPD is a list of remote devices that may become IPsec peers. The IPD establishes the authentication and other phase 1 criteria for the peer-to-peer negotiation to eventually reach an IKE Security Association (SA) between this specific peer and the SBC. |
ipAddress
| N/A | Specifies the IPv4 or IPv6 address of the peer. |
localIdentity type
| N/A | Specifies the local identity type that SBC will assert to the peer during phase 1 authentication.
fqdn <domainName> – Specifies that the local identity will be presented in Fully Qualified Domain Name (FQDN) format, taking as its value the FQDN of the SBC, specified by the next argument such as westford.example.com.ipV4Addr <ipAddress> – Specifies that the local identity will be presented in IPv4 address dotted decimal format, taking as its value the IP address of the SBC specified by the next argument (example: 128.127.50.224).ipV6Addr <ipAddress> – Specifies that the local identity will be presented in IPv6 address hexadecimal/colon format, taking as its value the IP address of the SBC specified by the next argument (example: 1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880).
NOTE: The ipVxAddr attribute is not used at this time. If it is present in the CLI, please ignore it. |
preSharedKey
| 32-128 alphanumeric
-or-
0x + 16-64 hex digits | Specifies the Pre-shared Secret with this peer. The preSharedKey can be one of the following: - A string of from 32 to 128 case-sensitive, alphanumeric characters. These characters may only be in the range 0-9, a-z, space, and A-Z
- A hexadecimal value introduced by "0x" and followed by 16 to 64 hexadecimal digits (0-9, a-f, A-F)
In either case the given value represents a "pre-shared secret" between the SBC and the IKE peer. This value is used for mutual authentication for phase 1 negotiation to set up an IKE Security association. NOTE: Ribbon strongly recommends using unpredictable (difficult to guess) values. Use a unique value for each IKE peer. This string is never displayed in plaintext when using the show commands. |
authType | N/A | The authentication method – (psk) or rsa signature (rsaSig). rskSig – rsa signaturepsk– preshared key
|
localCertificate | N/A | The name of local (SBC) Certificate.. |
remoteCertificate | N/A | The name of remote (IPSec Peer) Certificate. |
Optional peer parameter descriptions for IPsec Peer
|
protectionProfile
| N/A | Specifies the name of the IKE protection profile to apply to the Internet key exchange with this peer. |
protocol
| N/A | Use this object to specify the Internet Key Exchange (IKE) protocol to use to set up a Security Association (SA) for this IPsec peer. any – Use either IKE protocol version.ikev1 – Internet Key Version 1.ikev2 – Internet Key Version 2.
NOTE: Prior to release 4.2, the default value was ikev1 . For new installations, the default is ikev2 . For systems upgraded from pre-4.2 versions, the existing configuration maintains ikev1 . However, ikev2 becomes the default version for any new configurations. When "any " option is configured, in IKE initiator role, IKEv2 is chosen by default, while in responder mode IKE version is selected depending upon the IKE version used by the peer in IKE message. |
remoteIdentity type
| N/A | Specifies the remote Identity that SBC will assert to the PEER during phase 1 authentication. fqdn <domainName> – Specifies that the remote identity will be presented in Fully Qualified Domain Name (FQDN) format, taking as its value the FQDN of the SBC, specified by the next argument such as westford.example.com.ipV4Addr <ipAddress> – Specifies that the remote identity will be presented in IPv4 address dotted decimal format, taking as its value the IP address of the SBC specified by the next argument (example: 128.127.50.224).ipV6Addr <ipAddress> – Specifies that the remote identity will be presented in IPv6 address hexadecimal/colon format, taking as its value the IP address of the SBC specified by the next argument (example: 1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880).
NOTE: The ipVxAddr attribute is not used at this time. If it is present in the CLI, please ignore it. |
remoteCaCertificate | N/A | The name of remote CA Certificate referred by the IPSec peer entry. |