Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
NOTE: There are independent security policy configurations for each provider when the
MULTIPROV option is ON for a particular CLIM, and the -prov argument must be specified to
select the desired provider's configuration.
Description                                                      Climconfig Command
Add security policy configuration                                sp -add
Delete security policy configuration                             sp -delete
Display security policies configured                             sp -info
Loads all configured security policies into the SPD              sp -start
Empties the SPD, deactivating all configured security policies   sp -stop
Configuring Security Associations
Security associations are used by the authentication header (AH) and encapsulating security
payload (ESP) to agree upon the security algorithms, transforms, and parameters shared by the
sender and the receiver of a protected traffic flow. Use the climconfig sa command to configure
the security associations.
SA objects can either be configured as automatic SAs (the default), or as manual SAs (specified
with the -manual argument). Manual SAs are, by default, not immediately added to the active
SAD maintained by the kernel, unless the -load parameter is specified. Automatic SAs alter the
configuration of racoon, but racoon is not informed immediately of the change unless the -restart
argument is specified. Automatic SAs do not result in SAs being added to the SAD until racoon
successfully completes an IKE negotiation, as directed by the automatic SA configuration.
NOTE: There are independent security associations for each provider when the MULTIPROV
option is ON for a particular CLIM, and the -prov argument must be specified to select the desired
provider's configuration.
Description                                                      Climconfig Command
Add security association to configuration file                   sa -add
Delete security association from configuration file              sa -delete
Display security associations configured                         sa -info
Configuring Remote Information
The climconfig remote command alters the racoon configuration to add or delete instructions for IKE
Phase 1 with remote peers, specifying how to authenticate the peer and which security parameters
to use for Phase 1 SAs. As with automatic SAs, racoon is not immediately informed when remote
configurations are added unless the -restart parameter is specified, which restarts racoon with the
new configuration.
The remote command alters or gets information about the contents of the /etc/racoon/racoon.conf
file.
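The following is an added example and is not part of this manual or of the climconfig tooling: a small Python parser for the racoon.conf syntax that the remote command edits, with an audit that reports weak IKE Phase 1 settings (the proposal parameters that automatic SAs depend on) for each remote block. The embedded configuration, its peer addresses, the pre-shared-key path and the set of algorithms treated as weak are all assumptions made for illustration.

```python
import re

# Constructed racoon.conf fragment for illustration; the peer addresses,
# key-file path and settings are assumptions, not values from the manual.
SAMPLE_RACOON_CONF = """
path pre_shared_key "/etc/racoon/psk.txt";   # assumed path

remote 192.0.2.10 {
    exchange_mode main;
    lifetime time 8 hour;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha256;
        authentication_method pre_shared_key;
        dh_group 14;
    }
}

remote 198.51.100.7 {
    exchange_mode aggressive;
    proposal {
        encryption_algorithm des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}
"""

# Choices flagged by this audit (an assumed policy, not one the manual states).
WEAK_ENCRYPTION = {"des", "null_enc"}
WEAK_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "modp768", "2", "modp1024"}


def _tokenize(text):
    """Split config text into words, quoted strings, braces and semicolons."""
    text = re.sub(r"#[^\n]*", "", text)  # drop '#' comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse_racoon(text):
    """Parse racoon.conf syntax into nested {'statements': [...], 'blocks': [...]} nodes.

    Each statement is a token list; each block is (header tokens, child node).
    """
    tokens = _tokenize(text)
    pos = 0

    def parse_block():
        nonlocal pos
        node = {"statements": [], "blocks": []}
        current = []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                if current:
                    node["statements"].append(current)
                current = []
            elif tok == "{":
                node["blocks"].append((current, parse_block()))
                current = []
            elif tok == "}":
                break
            else:
                current.append(tok)
        return node

    return parse_block()


def _settings(node):
    """Map each statement's keyword to its argument list."""
    return {s[0]: s[1:] for s in node["statements"]}


def audit_remotes(text):
    """Return {peer: [issue, ...]} for every 'remote' block in the config."""
    findings = {}
    for header, body in parse_racoon(text)["blocks"]:
        if not header or header[0] != "remote":
            continue
        peer = header[1] if len(header) > 1 else "anonymous"
        issues = []
        top = _settings(body)
        if "aggressive" in ",".join(top.get("exchange_mode", [])):
            issues.append("aggressive exchange mode weakens pre-shared-key authentication")
        for phdr, pbody in body["blocks"]:
            if phdr and phdr[0] == "proposal":
                prop = _settings(pbody)
                enc = prop.get("encryption_algorithm", ["missing"])[0]
                if enc in WEAK_ENCRYPTION:
                    issues.append(f"weak encryption_algorithm: {enc}")
                hsh = prop.get("hash_algorithm", ["missing"])[0]
                if hsh in WEAK_HASH:
                    issues.append(f"weak hash_algorithm: {hsh}")
                dh = prop.get("dh_group", ["missing"])[0]
                if dh in WEAK_DH_GROUPS:
                    issues.append(f"weak dh_group: {dh}")
        findings[peer] = issues
    return findings


if __name__ == "__main__":
    for peer, issues in audit_remotes(SAMPLE_RACOON_CONF).items():
        print(peer, "OK" if not issues else "; ".join(issues))
```

Running the script reports the first peer as clean and lists four findings for the second. Because climconfig remote only rewrites the file and racoon is not reloaded until -restart is given, an audit like this is most useful run against racoon.conf after the edits and before the restart, so that a weak Phase 1 proposal never becomes active.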
106 CIP Configuration and Management