Table 38. Security Association settings (continued)

| Name of setting | Available Values | Comments |
|---|---|---|
| Enable ESP | checked/unchecked | ESP (Encapsulating Security Payload) mode activation. |
| Security Association Lifetime (sec) | 0 - 65535 | Defines the lifetime of a Security Association (SA) in seconds. After this lifetime, the SA expires and a new SA is negotiated with the peer. Only applicable where IKE is used. Without IKE, an SA never expires. |
| SPI | 256 - 16000 | This value is normally 0; it is auto-generated by the system. It is set to a defined value only in a special case (such as a test) where the peer side expects a dedicated value. If IKE is used, its value is ignored. Note: Values are not checked for being in the valid range. Values < 256 and values > 16000 are reserved for IKE type connections. |
| Authentication Algorithm | See Table 37 on page 141 | Hash algorithm that is used by AH and ESP for authentication. |
| Encryption Algorithm | See Table 37 on page 141 | Encryption algorithm that is used by ESP to encrypt the message. |
| Authentication Key | Alphanumeric value | Static key for authentication. Used only in non-IKE mode. Length depends on the algorithm used. SHA-1 key length: 20 char. |
| Encryption Key | Alphanumeric value | Static key for encryption. Used only in non-IKE mode. Length depends on the algorithm used. AES key length: 16 char. 3DES key length: 24 char. NULL (only for test) key length: 0 char. |

10. To save the policy setting, click Submit. Submit always stores current settings in the actual policy
slot and returns to the IPSec maintenance page. Figure 123 on page 145 shows one saved policy
that is named PolicyTCPTransport.
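Because the note in Table 38 says that out-of-range values are not checked, the settings can be checked offline before they are submitted. The following is an added example, not part of the IBM guide or the library firmware: the field names (`use_ike`, `spi`, `auth_key`, and so on) are hypothetical, the sample values are constructed, and only the key lengths listed on this page are known to it (Table 37 is not reproduced here).

```python
# Added example: pre-submit check of Security Association settings against
# the ranges and key lengths in Table 38. Field names are hypothetical.
AUTH_KEY_LEN = {"SHA-1": 20}                      # key lengths in characters,
ENC_KEY_LEN = {"AES": 16, "3DES": 24, "NULL": 0}  # as listed on this page only

def check_sa(sa):
    """Return a list of findings for one SA settings dict (empty = clean)."""
    findings = []
    ike = sa.get("use_ike", False)
    lifetime = sa.get("lifetime_sec", 0)
    if not 0 <= lifetime <= 65535:
        findings.append("lifetime_sec outside 0 - 65535")
    elif not ike and lifetime:
        findings.append("lifetime_sec has no effect: without IKE the SA never expires")
    spi = sa.get("spi", 0)  # 0 means auto-generated by the system
    if ike and spi:
        findings.append("spi is ignored when IKE is used")
    elif not ike and spi and not 256 <= spi <= 16000:
        findings.append("spi outside 256 - 16000 (reserved for IKE type connections)")
    for label, alg_field, key_field, lengths in (
        ("authentication", "auth_alg", "auth_key", AUTH_KEY_LEN),
        ("encryption", "enc_alg", "enc_key", ENC_KEY_LEN),
    ):
        alg, key = sa.get(alg_field), sa.get(key_field, "")
        if alg is None:
            continue
        if ike:
            if key:
                findings.append(f"{label} key set, but static keys are used only in non-IKE mode")
            continue
        if alg not in lengths:
            findings.append(f"{label} algorithm {alg!r}: key length not listed on this page")
        elif len(key) != lengths[alg]:
            findings.append(f"{label} key for {alg} must be {lengths[alg]} char, got {len(key)}")
        elif key and not key.isalnum():
            findings.append(f"{label} key must be alphanumeric")
        if label == "encryption" and alg == "NULL":
            findings.append("NULL encryption is only for test: ESP payload is not encrypted")
    return findings

# Constructed sample: SPI in the IKE-reserved range, short SHA-1 key, NULL cipher.
SAMPLE = {"use_ike": False, "spi": 100, "auth_alg": "SHA-1",
          "auth_key": "a" * 16, "enc_alg": "NULL", "enc_key": ""}

if __name__ == "__main__":
    for finding in check_sa(SAMPLE):
        print("FINDING:", finding)
```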
144 IBM TS3100 Tape Library and TS3200 Tape Library: Setup, Operator, and Service Guide Machine Type 3573