This profile specifies an encryption cipher, a maximum time period for maintaining a security association between these peers (the SA "lifetime"), and an anti-replay policy. The three profiles are prioritized from one to three for use with the SPD entry.
Command Syntax
% set profiles security ipsecProtectionProfile <profile name>
    espAlgorithms
        encryption <_3DesCbc | aesCbc128 | null>
        integrity <hmacMd5 | hmacSha1>
    saLifetimeByte <10000-4294967295 (in bytes), or unlimited>
    saLifetimeTime <1200-1000000 (in seconds)>
% show profiles security ipsecProtectionProfile <profile name>
    displaylevel <displaylevel>
    espAlgorithms
        encryption
        integrity
    saLifetimeByte
    saLifetimeTime
% delete profiles security ipsecProtectionProfile <profile name>
Command Parameters
The IPsec Protection Profile Parameters are as shown below:
IPsec Protection Profile Parameters
| Parameter | Length/Range | Description |
|---|---|---|
| ipsecProtectionProfile | 1-23 | The name of the IPsec Protection Profile. This profile establishes the encryption algorithm, the maximum SA lifetime, and the replay rules for an SPD entry. These properties are used by the SBC when it forms an IPsec Security Association with a peer. |
| espAlgorithms | N/A | The IPsec Protection Profile ESP protocol cipher configurations. encryption – The IPsec Protection Profile Encryption Cipher: _3DesCbc, aesCbc128 (default), null. integrity – The IPsec Protection Profile Integrity Cipher: hmacMd5, hmacSha1 (default). |
| saLifetimeByte | 10000-4294967295 | IPsec Protection Profile SA Lifetime setting in number of bytes. (default = unlimited) |
| saLifetimeTime | 1200-1000000 | The SA Lifetime setting, in seconds. This is the maximum interval that any one Security Association will be maintained before possible re-keying. This parameter applies to the IKE SA when it appears in the IKE Protection Profile and to the IPsec SA when it appears in the IPsec Protection Profile. (default = 28800, which corresponds to 8 hours) |
| displaylevel | 1-64 | To display different levels of output information in show commands. |
Command Example
% show profiles security ipsecProtectionProfile
AesSha1IpsecProfile
{
    saLifetimeTime 28800;
    saLifetimeByte unlimited;
    espAlgorithms
    {
        encryption null,_3DesCbc,aesCbc128;
        integrity hmacSha1;
    }
}
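
An added example, not part of the original page or the vendor's tooling: a Python check that parses show output in the format of the Command Example above, validates it against the documented values and ranges, and flags null encryption, hmacMd5, and 3DES offered with an unlimited byte lifetime. The function names and finding codes are assumptions chosen for illustration.

```python
import re

# Allowed values and ranges, taken from the parameter table on this page.
ENCRYPTION = {"_3DesCbc", "aesCbc128", "null"}
INTEGRITY = {"hmacMd5", "hmacSha1"}
TIME_RANGE = range(1200, 1000001)        # saLifetimeTime, seconds
BYTE_RANGE = range(10000, 4294967296)    # saLifetimeByte, bytes

# The profile block from the page's Command Example.
PAGE_EXAMPLE = """AesSha1IpsecProfile
{
    saLifetimeTime 28800;
    saLifetimeByte unlimited;
    espAlgorithms
    {
        encryption null,_3DesCbc,aesCbc128;
        integrity hmacSha1;
    }
}"""

def parse_profile(text):
    """Collect every 'key value[,value...];' line of one profile block."""
    pairs = re.findall(r"^\s*(\w+)\s+([^;{}\n]+);\s*$", text, re.M)
    return {key: [v.strip() for v in value.split(",")] for key, value in pairs}

def audit_profile(text):
    """Return finding codes (hypothetical names) for one profile block."""
    p, findings = parse_profile(text), []
    enc = p.get("encryption", ["aesCbc128"])      # documented default
    integ = p.get("integrity", ["hmacSha1"])      # documented default
    life_t = p.get("saLifetimeTime", ["28800"])[0]
    life_b = p.get("saLifetimeByte", ["unlimited"])[0]
    if set(enc) - ENCRYPTION or set(integ) - INTEGRITY:
        findings.append("unknown-algorithm")
    if not (life_t.isdigit() and int(life_t) in TIME_RANGE):
        findings.append("time-lifetime-out-of-range")
    if life_b != "unlimited" and not (life_b.isdigit() and int(life_b) in BYTE_RANGE):
        findings.append("byte-lifetime-out-of-range")
    if "null" in enc:          # ESP without encryption: no confidentiality
        findings.append("null-encryption")
    if "hmacMd5" in integ:     # legacy hash; hmacSha1 is the other option
        findings.append("md5-integrity")
    if "_3DesCbc" in enc and life_b == "unlimited":
        # 64-bit block cipher: cap the data protected under one key
        findings.append("3des-without-byte-lifetime")
    return findings

if __name__ == "__main__":
    print(audit_profile(PAGE_EXAMPLE))
```
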