Command Line Reference
IPSec Configuration
show ipsec
\[command] show ipsec
\[purpose] Display IPsec information
\[view] System view
\[use cases] sonic# show ipsec

ipsec name
\[command] ipsec name
\[purpose] Create and enter the IPsec view
\[view] System configuration view
\[use cases] sonic# ipsec test

ike crypto alg
\[command] ike crypto alg {des iv64|des|3des|rc5|idea|cast|blowfish|3idea|des iv32|null|aes cbc|aes ctr|aes gcm 16} crypto alg size 0-65535 integ alg {none|md5 96|sha1 96|des mac|kpdk md5|aes xcbc 96|md5 128|sha1 160|cmac 96|aes 128 gmac|aes 192 gmac|aes 256 gmac|hmac sha2 256 128|hmac sha2 384 192|hmac sha2 512 256} dh {none|modp 768|modp 1024|modp 1536|modp 2048|modp 3072|modp 4096|modp 6144|modp 8192|ecp 192|ecp 256|ecp 384|ecp 512|modp 1024 160|modp 2048 224|modp 2048 256}
\[purpose] IKE authentication algorithm, key length, encryption algorithm, DH algorithm
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# ike crypto alg des iv64 crypto alg size 128 integ alg md5 128 dh modp 4096

ike local type
\[command] ike local type {ip4|ip6|rfc822|fqdn} data value
\[purpose] Configure the ID type and ID of the local user in IKE users
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# ike local type ip4 data 1.1.1.1

ike remote type
\[command] ike remote type {ip4|ip6|rfc822|fqdn} data value
\[purpose] Configure the ID type and ID of the remote user in IKE users
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# ike remote type ip4 data 1.1.1.1

ike traffic selector
\[command] ike traffic selector {local|remote} {ip4|ip6} addr start a.b.c.d addr end a.b.c.d port start 0-65535 port end 0-65535 protocol 0-255
\[purpose] Configure the data streams to be protected
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# ike traffic selector local ip4 addr start 1.1.1.1 addr end 2.2.2.2 port start 0 port end 65535 protocol 6

sa
\[command] sa {des iv64|des|3des|rc5|idea|cast|blowfish|3idea|des iv32|null|aes cbc|aes ctr|aes gcm 16} crypto alg size 0-65535 integ alg {none|md5 96|sha1 96|des mac|kpdk md5|aes xcbc 96|md5 128|sha1 160|cmac 96|aes 128 gmac|aes 192 gmac|aes 256 gmac|hmac sha2 256 128|hmac sha2 384 192|hmac sha2 512 256}
\[purpose] SA authentication algorithm, key length, encryption algorithm
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# sa des iv64 crypto alg size 128 integ alg md5 128 dh modp 4096

sa lifetime
\[command] sa lifetime value \[jitter value] \[handover value] \[max bytes value]
\[purpose] SA negotiation configuration
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# sa lifetime 600 jitter 300 handover 120 max bytes 10000

sa natt
\[command] sa natt {enable|disable}
\[purpose] NAT traversal detection switch
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# sa natt enable

sa tunnel
\[command] sa tunnel {ip4|ip6} src ip a.b.c.d dst ip a.b.c.d next hop a.b.c.d remote ip a.b.c.d/m shared interface name
\[purpose] Configure the IPsec tunnel
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# sa tunnel ip4 src ip 10.1.1.101 dst ip 20.1.1.2 next hop 10.1.1.1 remote ip 90.0.0.0/24 shared interface dialer1

shared key mic
\[command] shared key mic {string|hex} value
\[purpose] Configure shared keys
\[view] IPsec configuration view
\[use cases] sonic(config ipsec test)# shared key mic string 12345678

ipsec name peer
\[command] ipsec name peer {ip4|ip6} a.b.c.d | x\ x x x
\[purpose] Port IPsec configuration
\[view] Interface configuration view
\[use cases] sonic(config if 16)# ipsec test peer ip4 1.1.1.1
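
A small linter for the algorithm selections accepted by the ike crypto alg and sa commands above, added here as an example (it is not part of the vendor reference). The sets of legacy algorithms are this example's own assumption, audit and normalise are hypothetical helper names, and a hyphen, underscore or space between keyword parts is treated alike.

```python
import re

# Assumed (example-only) sets of legacy choices from the option lists above.
WEAK_CRYPTO = {"des iv64", "des", "des iv32", "3des", "rc5", "idea", "cast",
               "blowfish", "3idea", "null"}  # 64-bit-block ciphers or no encryption
WEAK_INTEG = {"md5 96", "md5 128", "kpdk md5", "des mac"}
WEAK_DH = {"none", "modp 768", "modp 1024", "modp 1536"}
AEAD = {"aes gcm 16"}  # carries its own integrity tag, so "integ alg none" is fine

CMD = re.compile(
    r"^(?P<cmd>ike crypto alg|sa) (?P<crypto>.+?) crypto alg size (?P<size>\d+)"
    r" integ alg (?P<integ>.+?)(?: dh (?P<dh>.+))?$")

def normalise(line: str) -> str:
    """Drop a 'sonic(...)#' prompt and treat '-', '_' and spaces alike."""
    line = line.split("#", 1)[-1]
    return " ".join(re.sub(r"[-_]", " ", line.lower()).split())

def audit(line: str):
    """Return a list of findings, or None if the line selects no algorithms."""
    m = CMD.match(normalise(line))
    if m is None:
        return None
    crypto, integ, dh = m["crypto"], m["integ"], m["dh"]
    findings = []
    if crypto in WEAK_CRYPTO:
        findings.append(f"weak encryption: {crypto}")
    elif crypto.startswith("aes") and int(m["size"]) not in (128, 192, 256):
        findings.append(f"invalid AES key size: {m['size']}")
    if integ in WEAK_INTEG:
        findings.append(f"weak integrity: {integ}")
    elif integ == "none" and crypto not in AEAD:
        findings.append("no integrity protection")
    if dh in WEAK_DH:
        findings.append(f"weak DH group: {dh}")
    return findings

if __name__ == "__main__":
    # Constructed sample lines; the first repeats the use case shown above.
    samples = [
        "sonic(config ipsec test)# ike crypto alg des iv64 crypto alg size 128 "
        "integ alg md5 128 dh modp 4096",
        "ike crypto alg aes gcm 16 crypto alg size 256 integ alg none dh ecp 384",
        "sa aes-cbc crypto-alg-size 256 integ-alg none",
        "sa natt enable",
    ]
    for s in samples:
        print(s, "->", audit(s))
```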
