Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

361

362

363

364

365

366

367

368

369

370

climconfig.sa(1)

NAME

climconfig.sa -- configure security associations

SYNOPSIS

The command for managing security associations to the configuration file ipsec-tools.conf

is:

CLIMCMD {clim-name|ip-address} climconfig sa -add –manual

[-prov prov—name] -s src-ip -d dst-ip -p protocol

-i spi [-m {tunnel|transport}] algorithm [-load]

The command for adding proposals for a security association into the configuration file

racoon.conf is:

CLIMCMD {clim-name|ip-address} climconfig sa -add

[-prov prov—name]{ -s src-id -d dst-id -u upperspec|

anonymous} [-P pfs_group] -E encryption_algorithm

-A authentication_algorithm -C compression_algorithm

[-restart [-force]]

The command for deleting a security association from the configuration file ipsec-tools.conf

is:

CLIMCMD {clim-name|ip-address} climconfig sa -delete -manual

[-prov prov—name] -s src-id -d dst-id -u upperspec|

anonymous} -p protocol -i spi [-unload [-force]]

The command for deleting a security association from the configuration file racoon.conf is:

CLIMCMD {clim-name|ip-address} climconfig sa -delete

[-prov prov—name] {-s src-id -d dst-id -u upperspec|

anonymous} [-restart [-force]]

The command for obtaining information about a security association is:

CLIMCMD {clim-name|ip-address} climconfig sa -info

[-prov {prov—name | all}] anonymous|[-s src-ip]

[-d dst-ip][-p protocol]|[-u upperspec]][-obeyform]

The command for unloading SAs from the SAD is:

CLIMCMD {clim-name|ip-address} climconfig sa -stop

[-prov prov—name][-s src-ip -d dst-ip

-p {esp|ah|ipcomp}|-i spi-value][-force]

climconfig.sa Description

The sa command does the following:

sa -add

adds the proposals for a security association into the configuration file racoon.conf. The

command parameters are reformatted into a sainfo <...> format that the racoon daemon

accepts. The SA establishment depends on the application connect.

sa -add -manual

adds a security association to the configuration file ipsec-tools.conf. The command

parameters are reformatted into an add <...> type of setkey command. The SA is not

loaded into the SAD unless the -load option is specified.

sa -delete

deletes the security associations from the file racoon.conf. If there are any SAs activated

on the CLIM, they are not affected.

sa -delete -manual deletes the security associations from the file ipsec-tools.conf.

If any SAs are activated on the CLIM, they are not affected. The SA is not unloaded from the

SAD unless the -unload option is specified.

362