net ipsec manual-security-association
NAME
manual-security-association - Configures the IPsec
manual-security-association.
MODULE
net ipsec
SYNTAX
Configure the manual-security-association component within the net
ipsec module using the syntax in the following sections.
CREATE/MODIFY
create manual-security-association
modify manual-security-association
options:
app-service [[string] | none]
description [string]
auth-algorithm [sha1]
auth-key [key]
destination-address [ip address]
encrypt-algorithm [3des|aes128|aes192|aes256|null]
encrypt-key [key]
ipsec-policy [name]
protocol [esp]
source-address [ip address]
spi [number]
DISPLAY
list manual-security-association
show running-config manual-security-association
options:
app-service
all-properties
non-default-properties
one-line
DELETE
delete manual-security-association [name]
DESCRIPTION
Manually configures Security Association Database (SAD) entries. Because
each SA provides data protection only for unidirectional traffic, you
must configure a manual-security-association for traffic in each
direction to establish a bidirectional IPsec tunnel.
EXAMPLES
create ipsec manual-security-association msa_on_dut2_transport_in { auth-key test description "manual security association on dut2 for dut1 - transport" destination-address 7.7.7.7 encrypt-key test ipsec-policy transport_policy_on_dut2 source-address 2.2.2.2 spi 1025 }
Creates a manual-security-association object named
msa_on_dut2_transport_in to use IPsec to protect traffic from 2.2.2.2
to 7.7.7.7 with the authentication key test and the encryption key
test. The ipsec-policy object named transport_policy_on_dut2 is
associated with this manually configured security association.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
auth-algorithm
Specifies an authentication algorithm.
auth-key
Specifies the key for the authentication algorithm.
auth-key-encrypted
Displays the encrypted auth-key.
description
User-defined description.
destination-address
Specifies the destination of the security association.
encrypt-algorithm
Specifies an encryption algorithm.
encrypt-key
Specifies the key for the encryption algorithm.
encrypt-key-encrypted
Displays the encrypted encrypt-key.
ipsec-policy
Specifies the ipsec-policy associated with this
manual-security-association.
protocol
Specifies the IPsec protocol: Encapsulating Security Payload (ESP)
or Authentication Header (AH).
source-address
Specifies the source address of the security association.
spi
Specifies the Security Parameters Index. If this is the Security
Association (SA) for outbound traffic, make sure it matches the SPI
of the inbound SA configured on the remote site, and vice versa.
SPI values between 0 and 255 are reserved for future use by IANA
and cannot be used.
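The rules stated under DESCRIPTION and spi (one SA per direction, matching SPIs on both peers, no SPI in 0-255) can be checked before the commands are applied. The Python sketch below is an added example, not F5 code; it parses one-line create commands in the form shown under EXAMPLES. The dut1 object names, the outbound SA on dut2, SPI 1026, KEY_PLACEHOLDER and policy_placeholder are constructed for illustration.

```python
import shlex

RESERVED_SPI_MAX = 255  # per the page: SPI 0-255 is reserved by IANA

def parse_msa(command):
    """Parse one 'create ipsec manual-security-association NAME { ... }' line."""
    tokens = shlex.split(command)  # quoted description stays a single token
    start, end = tokens.index("{"), tokens.index("}")
    body = tokens[start + 1:end]
    sa = dict(zip(body[0::2], body[1::2]))  # option/value pairs
    sa["name"], sa["spi"] = tokens[start - 1], int(sa["spi"])
    return sa

def flow(sa):
    return (sa["source-address"], sa["destination-address"])

def check_peers(local_cmds, remote_cmds):
    """Return findings for the manual SAs defined on two IPsec peers."""
    local = [parse_msa(c) for c in local_cmds]
    remote = [parse_msa(c) for c in remote_cmds]
    findings = []
    for side, sas, peer in (("local", local, remote), ("remote", remote, local)):
        flows = {flow(sa) for sa in sas}
        for sa in sas:
            src, dst = flow(sa)
            tag = f"{side}:{sa['name']}"
            if sa["spi"] <= RESERVED_SPI_MAX:
                findings.append(f"{tag}: SPI {sa['spi']} is reserved")
            if (dst, src) not in flows:  # each SA is unidirectional
                findings.append(f"{tag}: no SA for the reverse direction")
            match = [p for p in peer if flow(p) == flow(sa)]
            if not match:
                findings.append(f"{tag}: peer has no SA for this flow")
            elif match[0]["spi"] != sa["spi"]:
                findings.append(f"{tag}: SPI differs from peer SA {match[0]['name']}")
    return findings

def cmd(name, src, dst, spi):
    """Build a constructed sample command (placeholder key and policy)."""
    return (f'create ipsec manual-security-association {name} {{ '
            f'auth-key KEY_PLACEHOLDER description "constructed sample" '
            f'destination-address {dst} encrypt-key KEY_PLACEHOLDER '
            f'ipsec-policy policy_placeholder source-address {src} spi {spi} }}')

DUT2 = [cmd("msa_on_dut2_transport_in", "2.2.2.2", "7.7.7.7", 1025),  # constructed
        cmd("msa_on_dut2_transport_out", "7.7.7.7", "2.2.2.2", 1026)]
DUT1_OK = [cmd("msa_on_dut1_transport_out", "2.2.2.2", "7.7.7.7", 1025),
           cmd("msa_on_dut1_transport_in", "7.7.7.7", "2.2.2.2", 1026)]
DUT1_BAD = [cmd("msa_on_dut1_transport_out", "2.2.2.2", "7.7.7.7", 200)]
```

check_peers(DUT2, DUT1_OK) returns an empty list; check_peers(DUT2, DUT1_BAD) reports the reserved SPI, the missing reverse-direction SA, and the SPI mismatch as seen from each peer.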
SEE ALSO
list, net ipsec ipsec-policy, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2013, 2016. All rights
reserved.
BIG-IP 2017net-ipsec manual-security-association(1)