1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. ipsec > security-association > manual

ipsec > security-association > manual

The manual subelement is where you manually configure a security association on the Oracle Communications Session Border Controller.

Parameters

name
Enter the name for this security policy
spi
Set the security parameter index
  • Default: 256
  • Values: Min: 256 | Max: 2302
network-interface
Enter the network interface and VLAN where this security association applies in the form of: interface_name:VLAN
local-ip-address
Enter the local IP address to match for traffic selectors for this SA
remote-ip-addr
Enter the remote IP address to match for traffic selectors for this SA
local-port
Enter the local port to match for traffic selectors for this SA
remote-port
Enter the remote port to match for traffic selectors for this SA
  • Default: 0
  • Values: Min: 0 (disabled) | Max: 65535
trans-protocol
Select the transport protocol to match for traffic selectors for this SA
  • Default: ALL
  • Values: UDP | TCP | ALL | ICMP
ipsec-protocol
Select the IPsec protocol used for this SA
  • Default: esp
  • Values: esp | ah
direction
Set the direction of traffic this security association can apply to
  • Default: both
  • Values: in | out | both
ipsec-mode
Select the IPsec mode of this SA
  • Default: transport
  • Values: tunnel | transport
auth-algo
Select the IPsec authentication algorithm for this SA
  • Default: null
  • Values: hmac-md5 | hmac-sha-1 | null
enrc-algo
Enter the IPsec encryption algorithm for this SA
  • Default: null
  • Values: des | 3des | aes-128-cbc | aes-256-cbc | aes-128-ctr | aes-256-ctr | null
auth-key
Enter the authentication key for the previously chosen authentication algorithm for this SA
encr-key
Enter the encryption key for the previously chosen encryption algorithm for this SA
aes-ctr-nonce
Enter the AES nounce. This only applies if aes-128-ctr or aes-256-ctr are chosen as your encryption algorithm.
  • Default: 0
tunnel-mode
Enter the tunnel-mode subelement

Path

security-association is a subelement under the ipsec element. The full path from the topmost ACLI prompt is:configure-terminal > security > ipsec > security-association