OcNOS-RON-6.3.1 : NetConf Command Reference Guide : NetConf Reference : IPI-IPSEC
IPI-IPSEC
Configure name
IPsec transform-set name
This command is supported when following feature are enabled IPsec feature
Attribute Name: name
Attribute Type: string
Attribute Range: 1-127
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<transform-sets>
<transform-set> <!-- operation="delete"-->
<name>NAME</name>
<config>
<name>NAME</name>
</config>
</transform-set>
</transform-sets>
</ipsec>
Command Syntax
crypto ipsec transform-set NAME
Configure transform set mode
This attribute is used to configure mode for a transform-set.
This command is supported when following feature are enabled IPsec feature
Attribute Name: transform-set-mode
Attribute Type: enum (transport)
Default Value: transport
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<transform-sets>
<transform-set>
<name>NAME</name>
<config>
<name>NAME</name>
</config>
<transform-set-mode>transport</transform-set-mode> <!-- operation="delete"-->
</transform-set>
</transform-sets>
</ipsec>
Command Syntax
crypto ipsec transform-set NAME mode (transport)
Configure ah authentication
This attribute configures IPsec AH authentication type.
This command is supported when following feature are enabled IPsec feature
Attribute Name: ah-authentication
Attribute Type: enum (none|ah-md5|ah-sha1|ah-sha256|ah-sha384|ah-sha512)
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<transform-sets>
<transform-set>
<name>NAME</name>
<config>
<name>NAME</name>
</config>
<ah-auth>
<config>
<ah-authentication>none</ah-authentication>
</config>
</ah-auth>
</transform-set>
</transform-sets>
</ipsec>
Command Syntax
crypto ipsec transform-set NAME ah (none|ah-md5|ah-sha1|ah-sha256|ah-sha384|ah-sha512)
Configure esp encryption
This attribute configures IPsec ESP encryption type.
This command is supported when following feature are enabled IPsec feature
Attribute Name: esp-encryption
Attribute Type: enum (esp-null|esp-3des|esp-cast|esp-blf|esp-blf192|esp-blf256|esp-aes|esp-aes192|esp-aes256)
Attribute Name: esp-authentication
Attribute Type: enum (none|esp-md5|esp-sha1|esp-sha256|esp-sha384|esp-sha512)
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<transform-sets>
<transform-set>
<name>NAME</name>
<config>
<name>NAME</name>
</config>
<esp-auth>
<config>
<esp-authentication>none</esp-authentication>
<esp-encryption>esp-null</esp-encryption>
</config>
</esp-auth>
</transform-set>
</transform-sets>
</ipsec>
Command Syntax
crypto ipsec transform-set NAME esp-auth (none|esp-md5|esp-sha1|esp-sha256|esp-sha384|esp-sha512) esp-enc (esp-null|esp-3des|esp-cast|esp-blf|esp-blf192|esp-blf256|esp-aes|esp-aes192|esp-aes256)
Configure esp authentication
This attribute configures IPsec ESP authentication type.
This command is supported when following feature are enabled IPsec feature
Attribute Name: esp-authentication
Attribute Type: enum (none|esp-md5|esp-sha1|esp-sha256|esp-sha384|esp-sha512)
Attribute Name: esp-encryption
Attribute Type: enum (esp-null|esp-3des|esp-cast|esp-blf|esp-blf192|esp-blf256|esp-aes|esp-aes192|esp-aes256)
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<transform-sets>
<transform-set>
<name>NAME</name>
<config>
<name>NAME</name>
</config>
<esp-auth>
<config>
<esp-encryption>esp-null</esp-encryption>
<esp-authentication>none</esp-authentication>
</config>
</esp-auth>
</transform-set>
</transform-sets>
</ipsec>
Command Syntax
crypto ipsec transform-set NAME esp-auth (none|esp-md5|esp-sha1|esp-sha256|esp-sha384|esp-sha512) esp-enc (esp-null|esp-3des|esp-cast|esp-blf|esp-blf192|esp-blf256|esp-aes|esp-aes192|esp-aes256)
Configure sa type
IPsec Crypto Map name
This command is supported when following feature are enabled IPsec feature
Attribute Name: name
Attribute Type: string
Attribute Range: 1-127
Attribute Name: sa-type
Attribute Type: enum (ipsec-manual)
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<crypto-maps>
<crypto-map> <!-- operation="delete"-->
<name>MAP-NAME</name>
<config>
<name>WORD</name>
<sa-type>ipsec-manual</sa-type>
</config>
</crypto-map>
</crypto-maps>
</ipsec>
Command Syntax
crypto map MAP-NAME (ipsec-manual)
Configure sequence id
Map sequence-id
This command is supported when following feature are enabled IPsec feature
Attribute Name: sequence-id
Attribute Type: uint16
Attribute Range: 1-65535
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<crypto-maps>
<crypto-map>
<name>MAP-NAME</name>
<config>
<name>WORD</name>
</config>
<sessions>
<session> <!-- operation="delete"-->
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
</session>
</sessions>
</crypto-map>
</crypto-maps>
</ipsec>
Command Syntax
sequence <1-65535>
Configure transform set name
Map session transform-set name
This command is supported when following feature are enabled IPsec feature
Attribute Name: transform-set-name
Attribute Type: string
Attribute Range: 1-127
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<crypto-maps>
<crypto-map>
<name>MAP-NAME</name>
<config>
<name>WORD</name>
</config>
<sessions>
<session>
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
<transform-sets>
<transform-set> <!-- operation="delete"-->
<transform-set-name>NAME</transform-set-name>
<config>
<transform-set-name>WORD</transform-set-name>
</config>
</transform-set>
</transform-sets>
</session>
</sessions>
</crypto-map>
</crypto-maps>
</ipsec>
Command Syntax
set transform-set NAME
Configure peer
Map session peer IP address
This command is supported when following feature are enabled IPsec feature
Attribute Name: peer
Attribute Type: inet:ip-address
Attribute Name: spi
Attribute Type: uint16
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<crypto-maps>
<crypto-map>
<name>MAP-NAME</name>
<config>
<name>WORD</name>
</config>
<sessions>
<session>
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
<peer-addresses>
<peer-address> <!-- operation="delete"-->
<peer>A.B.C.D</peer>
<config>
<peer>CML_IP_ADDR_T</peer>
<spi>0</spi>
</config>
</peer-address>
</peer-addresses>
</session>
</sessions>
</crypto-map>
</crypto-maps>
</ipsec>
Command Syntax
set peer (A.B.C.D|X:X::X:X) (spi <0-4096>|)
Configure security parameter index
Crypto Map session key security parameter index (SPI)
This command is supported when following feature are enabled IPsec feature
Attribute Name: security-parameter-index
Attribute Type: uint16
Attribute Range: 0-4096
Attribute Name: cipher
Attribute Type: string
Attribute Range: 1-128
Attribute Name: authentication-key
Attribute Type: string
Attribute Range: 1-128
Netconf edit-config payload
<ipsec xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ipsec">
<crypto-maps>
<crypto-map>
<name>MAP-NAME</name>
<config>
<name>WORD</name>
</config>
<sessions>
<session>
<sequence-id>1</sequence-id>
<config>
<sequence-id>1</sequence-id>
</config>
<session-keys>
<session-key> <!-- operation="delete"-->
<security-parameter-index>0</security-parameter-index>
<config>
<security-parameter-index>0</security-parameter-index>
<protocol>esp</protocol>
<direction>inbound</direction>
<cipher>HEX-KEY-DATA</cipher>
<authentication-key>HEX-KEY-DATA</authentication-key>
</config>
<protocol>esp</protocol>
<direction>inbound</direction>
</session-key>
</session-keys>
</session>
</sessions>
</crypto-map>
</crypto-maps>
</ipsec>
Command Syntax
set session-key (inbound|outbound) (esp) <0-4096> cipher HEX-KEY-DATA authenticator HEX-KEY-DATA
Last modified date: 07-14-2023