Dell Brocade G620 Brocade 8.0.1 Fabric OS Command Reference - Page 477
ipSecConfig

Example 2

The following example illustrates how to secure traffic between two systems using ESP protection with 3DES_CBC encryption and SHA1 authentication, and how to configure IKE with RSA Certificates signed by the certification authority (CA). The two systems are a switch, BROCADE300 (IPv6 address fe80::220:1aff:fe34:2e82), and an external UNIX host (IPv6 address fe80::205:1fff:fe51:f09e).

1. On the system console, log in to the switch as Admin and enable IPSec.

   switch:admin> ipsecconfig --enable

2. Create an IPSec SA policy named ESP01, which uses ESP protection with 3DES and SHA1.

   switch:admin> ipsecconfig --add policy ips sa -t ESP01 \
       -p esp -enc 3des_cbc -auth hmac_sha1

3. Create an IPSec proposal IPSEC-ESP to use ESP01 as the SA.

   switch:admin> ipsecconfig --add policy ips sa-proposal \
       -t IPSEC-ESP -sa ESP01

4. Configure the SA proposal lifetime in seconds.

   switch:admin> ipsecconfig --add policy ips sa-proposal \
       -t IPSEC-ESP -lttime 280000 -sa ESP01

5. Import the public key for the BROCADE300 (Brocade300.pem), the private key for BROCADE300 (Brocade300-key.pem), and the public key of the external host (remote-peer.pem) in X.509 PEM format from the remote certificate server (10.6.103.139).

   switch:admin> seccertutil import -ipaddr 10.103.6.139 \
       -remotedir /root/certs -certname Brocade300.pem
   switch:admin> seccertutil import -ipaddr 10.103.6.139 \
       -remotedir /root/certs -certname Brocade300-key.pem

Brocade Fabric OS Command Reference 453 53-1004112-02
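The files named in step 5 can be checked on the certificate server before they are imported. The script below is an added example, not part of the Fabric OS manual: it confirms that a certificate is X.509 PEM, that the private key belongs to it, and that it is signed by the expected CA. It assumes OpenSSL on the certificate host and an unencrypted key file; check_cert_pair and the CA file name ca.pem are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Fabric OS manual. Run on the certificate host
# before the seccertutil imports in step 5. Assumes OpenSSL is installed and
# the private key is stored unencrypted; check_cert_pair is a hypothetical name.

# check_cert_pair CERT KEY CA
# Returns 0 if CERT is X.509 PEM, KEY is its private key, and CERT verifies
# against CA. Returns 1-4 to identify the first check that failed.
check_cert_pair() {
    cert=$1 key=$2 ca=$3

    # 1. The certificate must parse as X.509 PEM.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not an X.509 PEM certificate" >&2
        return 1
    fi

    # 2. The key file must parse as a PEM private key.
    if ! openssl pkey -in "$key" -noout 2>/dev/null; then
        echo "FAIL: $key is not a PEM private key" >&2
        return 2
    fi

    # 3. The public key in the certificate must equal the one derived from
    #    the private key; a mismatched pair cannot authenticate to the peer.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert" >&2
        return 3
    fi

    # 4. The certificate must be signed by the expected CA.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        return 4
    fi

    echo "OK: $cert"
}

# Command-line use with the page's file names (ca.pem is an assumed name):
#   sh check_certs.sh /root/certs/Brocade300.pem \
#       /root/certs/Brocade300-key.pem /root/certs/ca.pem
if [ "$#" -eq 3 ]; then
    check_cert_pair "$1" "$2" "$3"
fi
```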