What is an "auto SA" in the ESXi IPsec command "esxcli network ip ipsec sa remove"?


The help for esxcli network ip ipsec sa remove mentions auto SA, but I was unable to find any information about it on Google.

[root@j2-ceriqv-050:~] esxcli network ip ipsec sa remove --help
Usage: esxcli network ip ipsec sa remove [cmd options]

Description:
  remove                Operation to remove Security Association(s)

Cmd options:
  -a|--remove-all       Set to remove all Security Associations.
  -d|--sa-destination=<str>
                        Ipv6 address of Security Association destination. This option needs to be
                        specified when removing an auto SA.
                                                   ^^^^^^^
  -n|--sa-name=<str>    Name for the Security Association to be removed. Specify 'auto' to remove an
                        auto SA.
                        ^^^^^^^
  -s|--sa-source=<str>  Ipv6 address of Security Association source. This option needs to be specified
                        when removing an auto SA.
                                         ^^^^^^^
  -p|--sa-spi=<str>     SPI value for the Security Association (hex). This option needs to be specified
                        when removing an auto SA
                                         ^^^^^^^

The command esxcli network ip ipsec sa add does not mention auto SA.

[root@j2-ceriqv-050:~] esxcli network ip ipsec sa add --help
Usage: esxcli network ip ipsec sa add [cmd options]

Description:
  add                   Add a Security Association.

Cmd options:
  -e|--encryption-algorithm=<str>
                        Encryption algorithm for the Security Association. Should be one in set  [null,
                        3des-cbc, aes128-cbc]. (required)
  -k|--encryption-key=<str>
                        Encryption key(ASCII or hex). Length of hex key is dependent upon algorithm
                        used. Required when a encryption algorithm has been specified.
  -i|--integrity-algorithm=<str>
                        Integrity algorithm for the Security Association. Should be one in set
                        [hmac-sha1, hmac-sha2-256]. (required)
  -K|--integrity-key=<str>
                        Integrity key(ASCII or hex). Length of hex key is dependent upon algorithm used.
                        (required)
  -d|--sa-destination=<str>
                        Ipv6 address of Security Association destination. Can be specified as 'any' or a
                        correct IPv6 address. (required)
  -m|--sa-mode=<str>    Security Association mode. Should be one in set  [transport, tunnel].
  -n|--sa-name=<str>    Name for the Security Association to be added. (required)
  -s|--sa-source=<str>  Ipv6 address of Security Association source. Can be specified as 'any' or a
                        correct IPv6 address. (required)
  -p|--sa-spi=<str>     SPI value for the Security Association(hex). (required)

Answer 1

The documentation for network ip ipsec sp add includes the following:

--sa-name | -a
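Name of the security association. If left unspecified, the vmkernel is allowed to automatically select a security association. If no applicable security association exists, the vmkernel can use IKE to request one.

(Highlighting mine)

So when you want to remove an SA that was previously selected automatically, you need to provide --sa-name=auto.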
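
The rule from the help text and the answer, as an added example that is not part of the original post: a POSIX sh helper that builds (without running) the remove command and rejects an auto SA removal that lacks source, destination or SPI. The function names, the sample addresses and SPI, and the acceptance of an optional 0x prefix on the SPI are assumptions.

```shell
#!/bin/sh
# Added example: prints an "esxcli network ip ipsec sa remove" command line
# for review; it never executes esxcli. Option names are taken from the
# --help output quoted in the question.

# is_hex_spi VALUE -> 0 if VALUE is hex digits (optional 0x prefix: assumption)
is_hex_spi() {
    case "${1#0x}" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_sa_remove NAME [SOURCE DEST SPI]
# Prints the command on stdout; returns 1 with a message on stderr when the
# arguments do not satisfy what the help text requires.
build_sa_remove() {
    name=${1:-} src=${2:-} dst=${3:-} spi=${4:-}
    if [ -z "$name" ]; then
        echo "sa-name is required (use 'auto' for an auto SA)" >&2
        return 1
    fi
    if [ "$name" != "auto" ]; then
        # Per the help text, a named SA is removed by its name.
        echo "esxcli network ip ipsec sa remove --sa-name=$name"
        return 0
    fi
    # Per the help text, source, destination and SPI must all be given
    # when removing an auto SA.
    if [ -z "$src" ] || [ -z "$dst" ] || [ -z "$spi" ]; then
        echo "auto SA needs --sa-source, --sa-destination and --sa-spi" >&2
        return 1
    fi
    if ! is_hex_spi "$spi"; then
        echo "SPI must be hexadecimal: $spi" >&2
        return 1
    fi
    echo "esxcli network ip ipsec sa remove --sa-name=auto" \
         "--sa-source=$src --sa-destination=$dst --sa-spi=$spi"
}

# Constructed sample values (IPv6 documentation prefix 2001:db8::/32).
build_sa_remove auto 2001:db8::10 2001:db8::20 0x1000
```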
