Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

361

362

363

364

365

366

367

368

369

370

-p

Specifies the protocol. protocol is one of : esp, ah, or ipcomp. You must specify one of

these protocols.

-u

Upper layer protocol to be specified. Any of the protocols from the /etc/protocols file can

be specified as upperspec, or icmp6, ip4, or any. any indicates any protocol. A protocol

number can also be specified.

-i spi

Specifies the security parameter index (SPI) for the SAD. SPI must be a decimal number or a

hexadecimal number with a 0x prefix. SPI values between 0 and 255 are reserved for future

use by IANA and cannot be used.

NOTE: The SPI value must be unique.

-m mode

Specifies the mode. Possible values are: transport or tunnel.

-load

Used with the sa add command. This is an optional parameter. If you specify this option, the

SA is loaded into the SAD. For the sa add –auto command, you are warned that the racoon

daemon will be restarted so as to load the newest racoon.conf file and that the restart will

disconnect the SAs established in the SAD.

-P

Specifies the PFS group, which defines the group of Diffie-Hellman exponentiations. If PFS is

not required, you can omit this parameter. Any proposal is accepted if this parameter is not

specified. group is one of following: modp768, modp1024, modp1536, modp2048,

modp3072, modp4096, modp6144, modp8192. Or 1, 2, 5, 14, 15, 16, 17, or 18 can be

used to define the DH group number.

algorithm

(for sa -add -manual only) is one of: -E ealgo key, -A aalgo key, or -C calgo [-R].

-E ealgo key

Specifies the encryption algorithm for ESP. ealgo key is one of:

3des-cbc (164-bit key)

3des-deriv (192-bit key)

aes-ctr (160/224/288-bit key)

Blowfish-cbc (40- to 448-bit key)

Cast128-cbc (40- to 128-bit key)

des-cbc (64-bit key)

des-deriv (64-bit key)

null (0- to 2048-bit key)

rijndael-cbc (128/192/256-bit key)

twofish-cbc (0- to 256-bit key)

-A aalgo key

Specifies the authentication algorithm for ESP. aalgo key is one of:

Aes-xcbc-mac (128-bit key)

hmac-md5 (128-bit key)

hmac-sha1 (160-bit key)

hmac-sha256 (256-bit key)

364