Versions Compared

Old Version 2

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 3

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Noprint
Panel
borderColorgreen
bgColortransparent
borderWidth2

Back to Table of Contents

Back to CLI Configure Mode

Back to Address Context - CLI

Back to

...

IP Security - CLI

...


...

Panel

In this section:

Table of Contents

 

This section details the commands to configure an

...

IPsec Peer.

See

...

IPsec for Signaling for in-depth feature description.

Command Syntax

// Mandatory parameters required to configure the

...

IPsec.

Code Block
languagenone
% set addressContext <addressContext name> ipsec peer <peer name> 
   ipAddress <ipAddress> 
   localIdentity <fqdn | ipV4Addr | ipV6Addr> 	
   preSharedKey <DES3 encrypted string>

// Optional parameters:

Code Block
languagenone
% set addressContext <addressContext name> ipsec peer <peer name> 
   protectionProfile <profile_name> 
   protocol <any | ikev1 | ikev2>	 
   remoteIdentity <fqdn | ipV4Addr | ipV6Addr>

Command Parameters

Caption
0Table
1

...

IPsec Peer Parameters
3 IPsec

...

Peer Parameters
 

Parameter

Length/Range

Description

Mandatory peer parameter descriptions for

...

IPsec Peer

peer

1-23

Specifies the name of the Internet Key Exchange (IKE) peer database entry. This name identifies an entry in the IKE Peer Database (IPD). The IPD is a list of remote devices that may become

...

IPsec peers. The IPD establishes the authentication and other phase 1 criteria for the peer-to-peer negotiation to eventually reach an IKE Security Association (SA) between this specific peer and the SBC.

ipAddress

N/A

Specifies the IPv4 or IPv6 address of the peer.

localIdentity type

N/A

Specifies the local identity type  that 
Spacevars
0product
will assert to the peer during phase 1 authentication.
  • fqdn <domainName> – Specifies that the local identity will be presented in Fully Qualified Domain Name (FQDN) format, taking as its value the FQDN of the
    Spacevars
    0product
    , specified by the next argument such as westford.example.com.
  • ipV4Addr <ipAddress> – Specifies that the local identity will be presented in IPv4 address dotted decimal format, taking as its value the IP address of the 
    Spacevars
    0product
    specified by the next argument (example: 128.127.50.224).
  • ipV6Addr <ipAddress> – Specifies that the local identity will be presented in IPv6 address hexadecimal/colon format, taking as its value the IP address of the 
    Spacevars
    0product
    specified by the next argument (example: 1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880).
Note

The ipVxAddr attribute is not used at this time. If it is present in the CLI, please ignore it.

preSharedKey

32-128 alphanumeric 

-or-

0x + 16-64 hex digits

Specifies the Pre-shared Secret with this peer. The preSharedKey can be one of the following:

  • A string of from 32 to 128 case-sensitive, alphanumeric characters. These characters may only be in the range 0-9, a-z, space, and A-Z
  • A hexadecimal value introduced by "0x" and followed by 16 to 64 hexadecimal digits (0-9, a-f, A-F)

In either case the given value represents a "pre-shared secret" between the

Spacevars
0product
and the IKE peer. This value is used for mutual authentication for phase 1 negotiation to set up an IKE Security association.

Info
Sonus strongly recommends using unpredictable (difficult to guess) values. Use a unique value for each IKE peer. This string is never displayed in plaintext when using the show commands.

Optional peer parameter descriptions for

...

IPsec Peer

protectionProfile

N/A

Specifies the name of the IKE protection profile to apply to the Internet key exchange with this peer.

protocol

N/A

Use this object to specify the Internet Key Exchange (IKE) protocol to use to set up a Security Association (SA) for this IPsec peer.

  • any – Use either IKE protocol version.
  • ikev1 – Internet Key Version 1.
  • ikev2 – Internet Key Version 2.
Note

Prior to release 4.2, the default value was ikev1. For new installations, the default is ikev2. For systems upgraded from pre-4.2 versions, the existing configuration maintains ikev1. However, ikev2 becomes the default version for any new configurations. When "any" option is configured, in IKE initiator role, IKEv2 is chosen by default, while in responder mode IKE version is selected depending upon the IKE version used by the peer in IKE message.

remoteIdentity type

N/A

Specifies the remote Identity that 

Spacevars
0product
will assert to the PEER during phase 1 authentication. 

  • fqdn <domainName> – Specifies that the remote identity will be presented in Fully Qualified Domain Name (FQDN) format, taking as its value the FQDN of the
    Spacevars
    0product
    , specified by the next argument such as westford.example.com.
  • ipV4Addr <ipAddress> – Specifies that the remote identity will be presented in IPv4 address dotted decimal format, taking as its value the IP address of the 
    Spacevars
    0product
    specified by the next argument (example: 128.127.50.224).
  • ipV6Addr <ipAddress> – Specifies that the remote identity will be presented in IPv6 address hexadecimal/colon format, taking as its value the IP address of the 
    Spacevars
    0product
    specified by the next argument (example: 1280:1276:3350:2224:2222:3333:8888:1245 or fd00:21:445:128::7880).
Note

The ipVxAddr attribute is not used at this time. If it is present in the CLI, please ignore it.

Command Example

The following example creates an IPsec peer named "peer2":

Code Block
languagenone
% set addressContext default ipsec peer peer2 ipAddress 10.20.30.140 preSharedKey 12345678 localIdentity type ipV4Addr ipAddress 10.20.30.134

% show addressContext default ipsec
peer peer2 {
    ipAddress    10.20.30.140;
    localIdentity {
        type      ipV4Addr;
        ipAddress 10.20.30.134;
    }
    preSharedKey $3$jCFw27QxeFA9KSe4Ym01FechIP3sXsZY;

Pagebreak