Service Manual
• Congure match for bi-directional trac for optimal routing.
• Only TCP is supported.
Example
match 0 tcp a::1 /128 0 a::2 /128 23
match 1 tcp a::1 /128 23 a::2 /128 0
match 2 tcp a::1 /128 0 a::2 /128 21
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0
session-key
Specify the session keys used in the crypto policy entry.
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp spi encrypt
hex-key-string auth hex-key-string
To delete the session key information from the crypto policy, use the no session-key {inbound |
outbound} {ah | esp} command.
Parameters
name Enter the name for the transform set.
inbound Specify the inbound session key for IPSec.
outbound Specify the outbound session key for IPSec.
ah Use the AH protocol when you select the AH transform set in the crypto policy.
esp Use the ESP protocol when you select the ESP transform set in the crypto policy.
spi Enter the security parameter index number.
hex-key-string Enter the session key in hex format (a string of 8, 16, or 20 bytes). For DES
algorithms, specify at least 16 bytes per key. For SHA algorithms, specify at least
20 bytes per key.
encrypt Indicates the ESP encryption transform set key string.
auth Indicates the ESP authentication transform set key string.
Defaults none
Command Modes CONF-CRYPTO-POLICY
Command History
This guide is platform-specic. For command information about other platforms, refer to the relevant Dell
Networking OS Command Line Reference Guide.
The following is a list of the Dell Networking OS version history for this command.
Version Description
9.8(0.0) Introduced on the S3048-ON and S4048-ON.
Internet Protocol Security (IPSec)
681