Dell Brocade 6520 Command Reference Supporting Fabric OS v7.1.0 - Page 510
Defines the Security Association. An SA specifies the IPSec protocol AH or, ipsecConfig --flush
View all Dell Brocade 6520 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 510 highlights
2 ipSecConfig -mode tunnel | transport Specifies the IPSec transform mode. In tunnel mode, the IP datagram is fully encapsulated by a new IP datagram using the IPSec protocol. In transport mode, only the payload of the IP datagram is handled by the IPSec protocol inserting the IPSec header between the IP header and the upper-layer protocol header. -sa-proposal name Specifies the SA proposal to be included in the transform. You must create the SA proposal first before you can include it in the transform. Use ipsecConfig --show policy ips sa-proposal -a for a listing of existing SA proposals. -action discard | bypass | protect Specifies the protective action the transform should take regarding the traffic flows. -ike name Specifies the IKE policy to be included in the transform. This operand is optional. Use ipsecConfig --show policy ike -a for a listing of existing IKE policies. -local IP_address[/prefixlength] Specifies the source IPv4 or IPv6 address. This operand is optional. If a local source IP address is defined, a remote peer IP address must also be defined. -remote IP_address[/prefixlength] Specifies the peer IPv4 or IPv6 address. This operand is optional. If a remote peer IP address is defined, a local source IP address must also be defined. sa-proposal Defines the security associations (SA) proposal, including name, SAs to be included and lifetime of the proposal. The following operands are supported: -tag name Specifies a name for the SA proposal. This is a user-generated name. The name must be between 1 and 32 characters in length, and may include alphanumeric characters, dashes (-), and underscores (_). -sa name[,name] Specifies the SAs to include in the SA proposal. The bundle consists of one or two SA names, separated by commas. For SA bundles, [AH, ESP] is the supported combination. The SAs must be created prior to being included in the SA proposal. This operand is required. -lttime number Specifies the SA proposal's lifetime in seconds. This operand is optional. If a lifetime is not specified, the SA does not expire. If lifetime is specified both in seconds and in bytes, the SA expires when the first expiration criterion is met. -ltbyte number Specifies the SA proposal's lifetime in bytes. The SA expiries after the specified number of bytes have been transmitted. This operand is optional. sa Defines the Security Association. An SA specifies the IPSec protocol (AH or ESP), the algorithms used for encryption and authentication, and the expiration definitions used in security associations of the traffic. IKE uses these values in negotiations to create IPSec SAs. You cannot modify an SA once it is created. Use ipsecConfig --flush manual-sa to remove all SA entries from the kernel SA database (SADB) and start over. 482 Fabric OS Command Reference 53-1002746-01