Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
NOTE: The -manual part of the command must follow sa -add and sa -delete directly.
sa -info
displays security association configurations from the file ipsec-tools.conf or
racoon.conf. If no options are selected, all the SAs are listed from both of these configuration
files.
sa -stop
unloads security associations from the SAD. If you specify any of the optional parameters in
the first group (-s, -p, -d, -i), you must specify all of them. sa -stop is one of the commands
for deactivating VPN connections.
PARAMETERS
-manual
When specified with the add subcommand, adds a security association into the
ipsec-tools.conf file. The command parameters are reformatted into an add <...>
type of setkey command. The SA is not loaded into the SAD unless the -load option is
specified.
When specified with the delete subcommand, deletes a security association from the
ipsec-tools.conf file. If there are any SAs activated on the CLIM, they are not impacted.
The SA is not unloaded from the SAD unless the -unload option is specified.
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own IPSec
configuration. The provider name is case-insensitive and always converted to UPPER case.
-s src-ip
Specifies the source IP address of the secure communication as either an IPv4 or IPv6 address,
and an optional port number enclosed in brackets, in the following form:
address [/ prefix] [[port]]
prefix and port must be decimal numbers.
-d dst-ip
Specifies the destination IP address of the secure communication as either an IPv4 or IPv6
address, and an optional port number between square brackets, in the following form:
address [/ prefix] [[port]]
-E
Is the encryption algorithm. Supported algorithms are: des, 3des, des_iv64, des_iv32,
rc5, rc4, idea, 3idea, cast128, blowfish, null_enc, twofish, rijndael, aes
(used with ESP). This option is for the sa -add commands (not sa -add -manual) for which the
configurations go into the racoon.conf file.
-A
Authentication algorithm. Supported algorithms include des, 3des, des_iv64, des_iv32,
hmac_md5, hmac_sha1, hmac_sha256, hmac_sha384, hmac_sha512, non_auth (used
with ESP authentication and AH). This option is for the sa -add commands (not sa -add -manual)
for which the configurations go into the racoon.conf file.
-C
Compression algorithm. The supported algorithm is deflate (used with IPComp). This option
is for the sa -add commands (not sa -add -manual) for which the configurations go into the
racoon.conf file.
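
Because the -E and -A choices end up in racoon.conf, that file can be reviewed offline against the two lists above. The following Python is an added example, not part of the manual or of the CIP software. It assumes the racoon.conf sainfo directives encryption_algorithm and authentication_algorithm, and the FLAGGED review policy and the sample file are constructed for illustration.

```python
import re

# Algorithm names the manual lists for -E and -A.
SUPPORTED = {
    "encryption_algorithm": {
        "des", "3des", "des_iv64", "des_iv32", "rc5", "rc4", "idea", "3idea",
        "cast128", "blowfish", "null_enc", "twofish", "rijndael", "aes"},
    "authentication_algorithm": {
        "des", "3des", "des_iv64", "des_iv32", "hmac_md5", "hmac_sha1",
        "hmac_sha256", "hmac_sha384", "hmac_sha512", "non_auth"},
}
# Review policy assumed for this example; the manual does not rank algorithms.
FLAGGED = {"des": "56-bit key", "des_iv64": "DES variant", "des_iv32": "DES variant",
           "rc4": "biased keystream", "null_enc": "no encryption",
           "hmac_md5": "MD5-based MAC", "non_auth": "no authentication"}
DIRECTIVE = re.compile(r"^\s*(encryption_algorithm|authentication_algorithm)\s+([^;#]+);")

def audit(conf_text):
    """Return (line_no, directive, algorithm, reason) for each finding."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, value = m.groups()
        for alg in (a.strip() for a in value.split(",")):
            if alg not in SUPPORTED[directive]:
                findings.append((no, directive, alg, "not in the manual's list"))
            elif alg in FLAGGED:
                findings.append((no, directive, alg, FLAGGED[alg]))
    return findings

# Constructed sample in racoon.conf sainfo syntax (not taken from a real CLIM).
SAMPLE = """\
sainfo anonymous {
    lifetime time 1 hour;
    encryption_algorithm aes, des, null_enc;
    authentication_algorithm hmac_sha256, hmac_md5;
    compression_algorithm deflate;
}
sainfo address 192.0.2.0/24 any address 198.51.100.0/24 any {
    encryption_algorithm aes;  # nothing to report
    authentication_algorithm hmac_sha1, hmac_sha3;  # hmac_sha3 is a made-up name
}
"""

if __name__ == "__main__":
    for no, directive, alg, reason in audit(SAMPLE):
        print(f"line {no}: {directive} {alg}: {reason}")
```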