TMS zl Management and Configuration Guide ST.1.1.100226
A-143
Command-Line Reference
IPsec Policy Context
Replace <remote IP address> with the IP address of the remote gateway.
You must type the IP address that the remote gateway specifies for its local
gateway address. This is the IP address at which the TMS zl Module can reach
the remote gateway (typically, a public IP address).
For example:
ProCurve(tms-module-<slot ID>:ipsec:apply:manual)#
remote-gateway 172.16.23.1
keys. This command sets the keys that the IPsec policy uses to secure the
SA. Inbound keys on this TMS zl Module must match outbound keys on the
remote gateway and vice versa.
Syntax: keys encryption inbound <inbound encryption key> outbound <outbound
encryption key> auth inbound <inbound auth key> outbound <outbound auth key>
The encryption option is only available when your IPsec proposal includes
an encryption algorithm. Similarly, the auth option is only available when your
IPsec proposal includes an authentication algorithm. All options that are
available are required.
Replace <inbound encryption key> with an alphanumeric key string. The
correct number of characters depends on the encryption algorithm that you
selected in the IPsec proposal. The CLI indicates the correct number when
you enter the IPsec manual keys context.
Replace <outbound encryption key> with an alphanumeric key string of
the same length as the inbound key.
Replace <inbound auth key> with an alphanumeric key string. The correct
number of characters depends on the authentication algorithm that you
selected in the IPsec proposal. The CLI indicates the correct number when
you enter the IPsec manual keys context.
Replace <outbound auth key> with an alphanumeric key string of the same
length as the outbound key.
For example:
ProCurve(tms-module-<slot ID>:ipsec:apply:manual)# keys
encryption inbound xxxxyyyy outbound 12345678 auth
inbound xxxxyyyyzzzzwwww outbound 1234567812345678