HP 8/40 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01, July 2009) - Page 439
ipsecConfig

-ltbyte number
    Specifies the SA proposal's lifetime in bytes. The SA expires after the specified number of bytes have been transmitted. This operand is optional.

sa
    Defines the Security Association. An SA specifies the IPsec protocol (AH or ESP), the algorithms used for encryption and authentication, and the expiration definitions used in security associations of the traffic. IKE uses these values in negotiations to create IPsec SAs. You cannot modify an SA once it is created. Use ipsecConfig --flush manual-sa to remove all SA entries from the kernel SA database (SADB) and start over.

    -tag name
        Specifies a name for the SA. This is a user-generated name. The name must be between 1 and 32 characters in length, and may include alphanumeric characters, dashes (-), and underscores (_). This operand is required.

    -protocol ah|esp
        Specifies the IPsec protocol. Encapsulating Security Payload (ESP) provides confidentiality, data integrity and data source authentication of IP packets, and protection against replay attacks. Authentication Header (AH) provides data integrity, data source authentication, and protection against replay attacks but, unlike ESP, does not provide confidentiality. This operand is required.

    -auth algorithm
        Specifies the authentication algorithm. This operand is required. Valid algorithms include:
        • hmac_md5 - MD5 authentication algorithm
        • hmac_sha1 - SHA1 authentication algorithm

    -enc algorithm
        Specifies the encryption algorithm. This operand is required. Valid algorithms include:
        • 3des_cbc - 3DES encryption algorithm
        • blowfish_cbc - Blowfish encryption algorithm
        • null_enc - Null encryption algorithm
        • aes256_cbc - AES-256 algorithm

    -spi number
        Specifies the security parameter index (SPI) for the SA. This is a user-defined index. Valid SPI numbers consist of numeric characters (0-9). This operand is optional.
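Because an SA cannot be modified once it is created, it helps to check the operand values before they are entered. The following is an added example, not part of the manual or of Fabric OS: a pre-check that applies the sa operand rules listed above and warns when the chosen combination provides no confidentiality. The function names and sample strings are assumptions of this example, and it treats the algorithm lists on this page as complete.

```python
import re
import shlex

# Patterns restate the operand rules on this page (lists assumed complete).
RULES = {
    "-tag": r"[A-Za-z0-9_-]{1,32}",
    "-protocol": r"ah|esp",
    "-auth": r"hmac_md5|hmac_sha1",
    "-enc": r"3des_cbc|blowfish_cbc|null_enc|aes256_cbc",
    "-spi": r"[0-9]+",
}
REQUIRED = ("-tag", "-protocol", "-auth", "-enc")  # marked required on this page

def parse_operands(text):
    """Split '-tag X -protocol esp ...' into a dict of operand -> value."""
    tokens = shlex.split(text)
    if len(tokens) % 2:
        raise ValueError("each operand takes exactly one value")
    ops = {}
    for name, value in zip(tokens[::2], tokens[1::2]):
        if name not in RULES or name in ops:
            raise ValueError(f"unknown or repeated operand: {name}")
        ops[name] = value
    return ops

def audit_sa(text):
    """Return (errors, warnings) for one SA operand string."""
    ops = parse_operands(text)
    errors = [f"missing required operand {n}" for n in REQUIRED if n not in ops]
    for name, pattern in RULES.items():
        if name in ops and not re.fullmatch(pattern, ops[name]):
            errors.append(f"{name}: {ops[name]!r} does not match the rule on this page")
    warnings = []
    if ops.get("-protocol") == "ah":
        warnings.append("AH authenticates packets but does not encrypt them")
    elif ops.get("-protocol") == "esp" and ops.get("-enc") == "null_enc":
        warnings.append("ESP with null_enc leaves the payload unencrypted")
    return errors, warnings

# Constructed sample SA definitions, not taken from the manual.
SAMPLES = [
    "-tag esp_aes -protocol esp -auth hmac_sha1 -enc aes256_cbc -spi 4096",
    "-tag esp_clear -protocol esp -auth hmac_sha1 -enc null_enc",
    "-tag bad!name -protocol esp -auth hmac_sha1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_sa(sample))
```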