Dell Brocade G620 Brocade 8.0.1 Fabric OS Command Reference - Page 480
ipSecConfig

Example 4

The following example illustrates how to secure traffic between two systems using AH protection with MD5 and manually keyed SAs. The two systems are a switch, the BROCADE300 (IPv4 address 10.33.74.13), and an external UNIX host (IPv4 address 10.33.69.132).

1. On the system console, log in to the switch as Admin and enable IPSec.

   ```
   switch:admin> ipsecconfig --enable
   ```

2. Create an IPSec Manual SA that uses AH protection with MD5 for outbound traffic:

   ```
   switch:admin> ipsecconfig --add manual-sa -spi 0x300 \
       -l 10.33.74.13 -r 10.33.69.132 -p any -d out -m transport \
       -ipsec ah -ac protect -auth hmac_md5 \
       -auth-key "TAHITEST89ABCDEF"
   ```

3. Create an SA for inbound traffic.

   ```
   switch:admin> ipsecconfig --add manual-sa -spi 0x200 \
       -l 10.33.69.132 -r 10.33.74.13 -p any -d in \
       -m transport -ipsec ah -ac protect -auth hmac_md5 \
       -auth-key "TAHITEST89ABCDEF"
   ```

4. Verify the SAs using ipsecConfig --show manual-sa -a. Refer to the IPSec display commands section for an example.

5. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to your server administration guide for instructions.
IPSec display commands

To display the IPSec IKE Policy:

```
switch:admin> ipsecconfig --show policy ike -a
IKE-01 version:ikev2 remote:10.33.69.132
local-id:10.33.74.13
remote-id:10.33.69.132
encryption algorithm: 3des_cbc
hash algorithm: hmac_md5
prf algorithm: hmac_md5
dh group: 2 1
auth method:rsasig
public-key:"/etc/fabos/certs/sw0/thawkcert.pem"
private-key:"/etc/fabos/certs/sw0/thawkkey.pem"
peer-public-key:"/etc/fabos/certs/sw0/spiritcert.pem
```

To display the outbound and inbound SAs in the kernel SA database:

```
switch:admin> ipsecconfig --show manual-sa -a
10.33.69.132[0] 10.33.74.13[0]
    ah mode=transport spi=34560190(0x020f58be) reqid=0(0x00000000)
    A: hmac-md5 7e5aeb47 e0433649 c1373625 34a64ece
    seq=0x00000000 replay=32 flags=0x00000000 state=mature
    created: Oct 15 23:34:55 2008 current: Oct 15 23:35:06 2008
    diff: 11(s) hard: 2621440(s) soft: 2100388(s)
    last: Oct 15 23:34:56 2008 hard: 0(s) soft: 0(s)
    current: 256(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 4 hard: 0 soft: 0
    sadb_seq=1 pid=10954 refcnt=0
```

Brocade Fabric OS Command Reference 53-1004112-02
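An added example (not from the Brocade manual): a small Python audit that parses the two display outputs shown above and flags the legacy settings they contain, such as hmac_md5, 3des_cbc and DH groups 1 and 2. The weak-algorithm lists and the function names are assumptions of this example, and the sample text is abridged from this page's output with a constructed indentation.

```python
import re
# Assumption of this example (not a Fabric OS list): names treated as legacy.
WEAK_ALGS = {"hmac_md5", "hmac-md5", "3des_cbc"}
WEAK_DH = {"1", "2"}

# Sample input: abridged from the two outputs shown on this page.
IKE_POLICY = """\
IKE-01 version:ikev2 remote:10.33.69.132
encryption algorithm: 3des_cbc
hash algorithm: hmac_md5
prf algorithm: hmac_md5
dh group: 2 1
"""
SA_DUMP = """\
10.33.69.132[0] 10.33.74.13[0]
    ah mode=transport spi=34560190(0x020f58be) reqid=0(0x00000000)
    A: hmac-md5 7e5aeb47 e0433649 c1373625 34a64ece
    seq=0x00000000 replay=32 flags=0x00000000 state=mature
"""

def audit_ike_policy(text):
    """Return (field, value) pairs in an IKE policy display that are weak."""
    findings = []
    for line in text.splitlines():
        alg = re.match(r"\s*(encryption|hash|prf) algorithm:\s*(\S+)", line)
        if alg and alg.group(2) in WEAK_ALGS:
            findings.append((alg.group(1), alg.group(2)))
        dh = re.match(r"\s*dh group:\s*(.+)", line)
        if dh:  # the policy may list several groups on one line
            findings += [("dh group", g) for g in dh.group(1).split() if g in WEAK_DH]
    return findings

def audit_sa_dump(text):
    """Return one dict per SA with endpoints, protocol, SPI and auth algorithm."""
    sas = []
    for line in text.splitlines():
        ends = re.match(r"(\S+)\[\d+\]\s+(\S+)\[\d+\]", line)
        if ends:  # an unindented "src[port] dst[port]" line starts a new SA
            sas.append({"src": ends.group(1), "dst": ends.group(2), "weak": False})
            continue
        hdr = re.match(r"\s+(ah|esp)\s+mode=(\S+)\s+spi=\d+\((0x[0-9a-f]+)\)", line)
        auth = re.match(r"\s+A:\s*(\S+)", line)
        if sas and hdr:
            sas[-1].update(proto=hdr.group(1), mode=hdr.group(2), spi=hdr.group(3))
        if sas and auth:  # "A:" carries the authentication algorithm name
            sas[-1].update(auth=auth.group(1), weak=auth.group(1) in WEAK_ALGS)
    return sas
if __name__ == "__main__":
    print(audit_ike_policy(IKE_POLICY), audit_sa_dump(SA_DUMP), sep="\n")
```

Feeding it captured `ipsecconfig --show` output from each switch gives a quick inventory of SAs and IKE policies that still rely on these settings.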