ike-sainfo

The ike-sainfo configuration element enables negotiation and establishment of IPsec tunnels.

Parameters

name
Enter the unique name of this instance of the ike-sainfo configuration element.
  • Default: None
  • Values: A valid configuration element name, that is unique within the ike-sainfo namespace
security-protocol
Enter the IPsec security (authentication and encryption) protocols supported by this SA.
  • Default: ah
  • Values:
    • ah—RFC 4302 authentication services
    • esp—RFC 4303 encryption services
    • esp-auth—RFC 4303 encryption and authentication services
    • esp-null—RFC 4303 encapsulation, lacks encryption — not for production environments
auth-algo
Set the authentication algorithms supported by this SA.
  • Default: any
  • Values:
    • ah—Choose any
    • md5—Message Digest algorithm 5
    • sha1—Secure Hash Algorithm
ipsec-mode
Select the IPsec operational mode. Transport mode provides a secure end-to-end connection between two IP hosts. Tunnel mode provides VPN service where entire IP packets are encapsulated within an outer IP envelope and delivered from source (an IP host) to destination (generally a secure gateway) across an untrusted internet.
  • Default: transport
  • Values: transport | tunnel
tunnel-local-addr
Enter the IP address of the local IP interface that terminates the IPsec tunnel (relevant only if the ipsec-mode is tunnel, and otherwise is ignored).
  • Default: None
  • Values: Any valid local IP address
tunnel-remote-addr
Enter the IP address of the remote peer or host (relevant only if the ipsec-mode is tunnel, and is otherwise ignored).
  • Default: * (matches all IP addresses)
  • Values: Any valid IP address

Path

ike-sainfo is a subelement under the ike element. The full path from the topmost ACLI prompt is: configure terminal > security > ike > ike-sainfo.

Note:

This is a multiple instance configuration element.

Configures an ike-sainfo instance named star.

Default values for auth-algo (any) and encryption-algo (any) provide support for MD5 and SHA1 authentication and AES/3DES encryption. The default value for tunnel-remote-addr (*) matches all IPv4 addresses.

Non-default values specify IPsec tunnel mode running ESP, and identify the local tunnel endpoint.
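
The defaults documented above (ah, any, transport, *) are permissive, so an instance that sets only a few parameters inherits them. The following added example, which is not part of the vendor documentation, audits an ike-sainfo instance against the values and defaults listed on this page. The "key value" line layout, the function names and the sample addresses are assumptions made for illustration.

```python
# Added example, not vendor code. The "key value" line layout is an assumption;
# parameter names, values and defaults are the ones documented on this page.
DEFAULTS = {"name": None, "security-protocol": "ah", "auth-algo": "any",
            "ipsec-mode": "transport", "tunnel-local-addr": None,
            "tunnel-remote-addr": "*"}

def parse_sainfo(text):
    """Parse 'key value' lines; parameters not set keep the documented default."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in cfg:
            cfg[parts[0]] = parts[1].strip()
    return cfg

def audit_sainfo(cfg):
    """Return (severity, parameter, message) findings for one instance."""
    out = []
    proto, mode = cfg["security-protocol"], cfg["ipsec-mode"]
    if proto == "esp-null":
        out.append(("high", "security-protocol", "esp-null lacks encryption"))
    elif proto == "ah":
        out.append(("medium", "security-protocol", "ah authenticates only, no encryption"))
    elif proto == "esp":
        out.append(("medium", "security-protocol", "esp is listed as encryption only; esp-auth adds authentication"))
    if cfg["auth-algo"] in ("any", "md5"):
        out.append(("medium", "auth-algo", "MD5 is permitted; set sha1"))
    if mode == "tunnel" and cfg["tunnel-remote-addr"] == "*":
        out.append(("low", "tunnel-remote-addr", "* matches all IP addresses"))
    if mode == "transport" and (cfg["tunnel-local-addr"] or cfg["tunnel-remote-addr"] != "*"):
        out.append(("info", "ipsec-mode", "tunnel addresses are ignored in transport mode"))
    return out

# Constructed samples: "star" follows the example described above (tunnel mode,
# ESP, local endpoint set); addresses are documentation-range placeholders.
STAR = """name star
security-protocol esp
ipsec-mode tunnel
tunnel-local-addr 192.0.2.10"""
HARDENED = """name hardened
security-protocol esp-auth
auth-algo sha1
ipsec-mode tunnel
tunnel-local-addr 192.0.2.10
tunnel-remote-addr 198.51.100.20"""

if __name__ == "__main__":
    for sample in (STAR, HARDENED):
        cfg = parse_sainfo(sample)
        print(cfg["name"], audit_sainfo(cfg) or "no findings")
```

The star sample yields three findings because auth-algo and tunnel-remote-addr were left at their defaults; the hardened sample sets every parameter explicitly and yields none.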