Dell Brocade G620 Brocade 8.0.1 Fabric OS Command Reference - Page 467
remote, transform, ipsecConfig --show, protocol, sa-proposal, policy ips sa-proposal -a, action
View all Dell Brocade G620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 467 highlights
ipSecConfig -remote IP_address[/prefixlength] Specifies the peer IPv4 or IPv6 address -transform name Specifies the transform to be included in the selector. You must create the transform before you can use in the selector. Use ipsecConfig --show policy ips transform to display existing transforms. -protocol protocol_name Specifies the upper layer protocols to be selected for IPSec protection. Valid protocols include tcp, udp, icmp or any. When any is specified all existing protocols are selected for protection. This operand is optional. transform Creates the IPSec transform set. The transform set is a combination of IPSec protocols and cryptographic algorithms that are applied on the packet after it is matched to a selector. The transform set specifies the IPSec protocol, the IPSec mode, and the action to be performed on the IP packet. It also specifies the key management policy that is needed for the IPSec connection and the encryption and authentication algorithms to be used in security associations when IKE is used as key management protocol. The following operands are required: -tag name Specifies a name for the transform. This is a user-generated name. The name must be between 1 and 32 characters in length, and may include alphanumeric characters, dashes (-), and underscores (_). -mode tunnel | transport Specifies the IPSec transform mode. In tunnel mode, the IP datagram is fully encapsulated by a new IP datagram using the IPSec protocol. In transport mode, only the payload of the IP datagram is handled by the IPSec protocol inserting the IPSec header between the IP header and the upper-layer protocol header. -sa-proposal name Specifies the SA proposal to be included in the transform. You must create the SA proposal first before you can include it in the transform. Use ipsecConfig --show policy ips sa-proposal -a for a listing of existing SA proposals. -action discard | bypass | protect Specifies the protective action the transform should take regarding the traffic flows. -ike name Specifies the IKE policy to be included in the transform. This operand is optional. Use ipsecConfig --show policy ike -a for a listing of existing IKE policies. -local IP_address[/prefixlength] Specifies the source IPv4 or IPv6 address. This operand is optional. If a local source IP address is defined, a remote peer IP address must also be defined. -remote IP_address[/prefixlength] Specifies the peer IPv4 or IPv6 address. This operand is optional. If a remote peer IP address is defined, a local source IP address must also be defined. Brocade Fabric OS Command Reference 443 53-1004112-02