net ipsec manual-security-association¶

net ipsec manual-security-association(1) BIG-IP TMSH Manual net ipsec manual-security-association(1)

NAME
manual-security-association - Configures the IPsec manual-security-association.

MODULE
net ipsec

SYNTAX
Configure the manual-security-association component within the net ipsec module using the syntax in the following sections.

CREATE/MODIFY
create manual-security-association
modify manual-security-association
options:
app-service [[string] | none]
description [string]
auth-algorithm [sha1]
auth-key [key]
destination-address [ip address]
encrypt-algorithm [3des|aes128|aes192|aes256|null]
encrypt-key [key]
ipsec-policy [name]
protocol [esp]
source-address [ip address]
spi [number]

DISPLAY
list manual-security-association
show running-config manual-security-association
options:
app-service
all-properties
non-default-properties
one-line

DELETE
delete manual-security-association [name]

DESCRIPTION
Manually configures Security Association Database(SAD) entries. Because each SA provides data protection only for
unidirectional traffic, you must configure a manual-security-association for traffic in each direction to establish a
bidirectional IPsec tunnel.

EXAMPLES
create ipsec manual-security-association msa_on_dut2_transport_in { auth-key test description "manual security association
on dut2 for dut1 - transport" destination-address 7.7.7.7 encrypt-key test ipsec-policy transport_policy_on_dut2 source-
address 2.2.2.2 spi 1025 }

Creates a manual-security-association object named msa_on_dut2_transport_in to use IPsec to protect traffic from 2.2.2.2 to
7.7.7.7 with the authentication key test and the encryption key test. The ipsec-policy object named
transport_policy_on_dut2 is associated with this manually configured security association.

OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.

auth-algorithm
Specifies an authentication algorithm.

auth-key
Specifies the key for the authentication algorithm.

auth-key-encrypted
Displays the encrypted auth-key.

description
User-defined description.

destination-address
Specifies the destination of the security association.

encrypt-algorithm
Specifies an encryption algorithm.

encrypt-key
Specifies the key for the encryption algorithm.

encrypt-key-encrypted
Display the encrypted encrypt-key.

ipsec-policy
Specifies the ipsec-policy associated with this manual-security-association.

protocol
Specifies the IPsec protocol: Encapsulating Security Payload (ESP) or Authentication Header (AH).

source-address
Specifies the source address of the security association.

spi Specifies the Security Parameters Index. If this is the Security Association(SA) for the outbound traffic, make sure
it matches the SPI of the inbound SA configured on the remote site and vice versa. SPI values between 0 and 255 are
reserved for the future use by IANA and cannot be used.

SEE ALSO
list, net ipsec ipsec-policy, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.

BIG-IP 2017-03-31 net ipsec manual-security-association(1)