[edit security] Hierarchy Level
security {
# Certificate store, CA profiles and enrollment settings used by certificate-based IKE authentication
certificates {
cache-size bytes;
cache-timeout-negative seconds;
# One profile per certification authority
certification-authority ca-profile-name {
ca-name certificate-authority-name;
# Certificate revocation list file for this CA
crl file-name;
# NOTE(review): "certifcate-file-name" is probably a typo for "certificate-file-name" (spelled that way under policy-source below)
file certifcate-file-name;
enrollment-url url-name;
ldap-url url-name;
}
enrollment-retry number;
local certificate-name;
# NOTE(review): statement name is probably "maximum-certificates"; verify against the CLI before copying this listing
maximum-certficates number;
path-length bytes;
}
ike {
# IKE (phase 1) proposal; the parenthesised alternatives are the only values offered at this level
proposal ike-proposal-name {
# NOTE(review): md5 is the legacy choice of the two; prefer sha1 where the peer supports it
authentication-algorithm (md5 | sha1);
authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);
# NOTE(review): group1 is the weaker of the two Diffie-Hellman groups offered; prefer group2
dh-group (group1 | group2);
# NOTE(review): single des-cbc is the legacy cipher of the two; prefer 3des-cbc
encryption-algorithm (3des-cbc | des-cbc);
lifetime-seconds seconds;
}
# Per-peer IKE policy, keyed by the peer address
policy ike-peer-address {
identity identity-name;
# NOTE(review): same placeholder as "certificate-file-name" below, inconsistently spelled here
local-certificate certifcate-file-name;
local-key-pair private-public-key-file;
# NOTE(review): aggressive mode sends identity information before the exchange is protected; main mode is the safer default
mode (aggressive | main);
# The shared secret is stored in the configuration itself, in ascii-text or hexadecimal form
pre-shared-key (ascii-text key | hexadecimal key);
# Square brackets denote a list of one or more proposal names
proposal [ike-proposal-names];
}
# IKE policy keyed by the local source address, with optional per-destination overrides
policy-source local-address {
local-certificate certificate-file-name;
local-key-pair private-public-key-file;
mode (aggressive | main);
proposal [ike-proposal-names];
# Per-destination block restating the same statements for one peer
destination peer-address {
identity identity-name;
local-certificate certificate-file-name;
local-key-pair private-public-key-file;
proposal [ike-proposal-names];
}
# Destinations listed without a block; presumably inherit the policy-source settings above — confirm
destination peer-address;
destination peer-address;
}
}
ipsec {
# IPsec (phase 2) proposal
proposal ipsec-proposal-name {
# NOTE(review): hmac-md5-96 is the legacy integrity option; hmac-sha1-96 is the stronger of the two offered
authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
encryption-algorithm (3des-cbc | des-cbc);
lifetime-seconds seconds;
# bundle presumably combines ah and esp — verify
protocol (ah | esp | bundle);
}
policy ipsec-policy-name {
# Perfect forward secrecy: a fresh Diffie-Hellman exchange for each IPsec SA, using the listed group
perfect-forward-secrecy {
keys (group1 | group2);
}
proposal [ipsec-proposal-names];
}
security-association name {
mode (tunnel | transport);
# Manual SA: SPIs, algorithms and keys are configured statically rather than negotiated by IKE
manual {
direction (inbound | outbound | bi-directional) {
auxiliary-spi auxiliary-spi-value;
spi spi-value;
protocol (ah | esp | bundle);
authentication {
algorithm (hmac-md5-96 | hmac-sha1-96);
# NOTE(review): static key material lives in the configuration; it only changes when the configuration does
key (ascii-text key | hexadecimal key);
}
encryption {
algorithm (des-cbc | 3des-cbc);
key (ascii-text key | hexadecimal key);
}
}
# NOTE(review): braces in this listing are unbalanced by one; manual appears to be missing its closing brace
# before this point, which would make dynamic and traceoptions siblings rather than children of manual
# Dynamic SA: keys are negotiated by IKE according to the referenced IPsec policy
dynamic {
# Angle brackets mark an optional statement
<security-association (32 | 64)>;
ipsec-policy policy-name;
}
# Trace (debug) logging for this subsystem; one flag statement per trace category
traceoptions {
file <files number> <size size>;
flag all;
flag database;
flag general;
flag ike;
flag parse;
flag policy-manager;
flag routing-socket;
flag timer;
}
}
}
} # End of [edit security] hierarchy level