Reference Guide
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0
session-key
Specify the session keys used in the crypto policy entry.
Z9000
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp
spi encrypt hex-key-string auth hex-key-string
To delete the session key information from the crypto policy, use the no session-key
{inbound | outbound} {ah | esp}
command.
Parameters
name
Enter the name for the transform set.
inbound Specify the inbound session key for IPSec.
outbound Specify the outbound session key for IPSec.
ah Use the AH protocol when you select the AH transform set in the
crypto policy.
esp Use the ESP protocol when you select the ESP transform set in the
crypto policy.
spi
Enter the security parameter index number.
hex-key-string
Enter the session key in hex format (a string of 8, 16, or 20 bytes). For
DES algorithms, specify at least 16 bytes per key. For SHA algorithms,
specify at least 20 bytes per key.
encrypt Indicates the ESP encryption transform set key string.
auth Indicates the ESP authentication transform set key string.
Defaults none
Command Modes CONF-CRYPTO-POLICY
Command History
This guide is platform-specific. For command information about other platforms, refer to the
relevant
FTOS Command Line Reference Guide
.
The following is a list of the FTOS version history for this command.
Version 9.2(0.2) Introduced on the Z9000, S4810, and S4820T.
Usage
Information
• This command is only available in the ipsec-manual model.
569