HP A7533A HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, Dece - Page 391
Managing policies
The parameters listed in Table 88 can be modified:

Table 88 Modifiable policy parameters

Parameter                                  Description
Encryption Algorithm                       3DES: 168-bit key
                                           AES-128: 128-bit key (default)
                                           AES-256: 256-bit key
Authentication Algorithm                   SHA-1: Secure Hash Algorithm (default)
                                           MD5: Message Digest 5
                                           AES-XCBC: Used only for IPSec
Security Association lifetime in seconds   The lifetime in seconds of the security association. A new key is
                                           renegotiated before seconds expires. Seconds must be between 28800
                                           to 250000000 or 0. Default is 28800 sec.
PFS (Perfect Forward Secrecy)              Applies only to IKE policies. Choices are On/Off; default is On.
Diffie-Hellman group                       Group 1: 768 bits (default)
                                           Group 14: 2048 bits

Managing policies

Use the policy command to create, delete, and show IKE and IPSec policies.

To create a new policy:

1. Log in to the switch as admin.
2. Issue the policy command to create IKE and IPSec policies:

   policy --create type number [-enc encryption_method][-auth authentication_algorithm] [-pfs off|on] [-dh DH_group] [-seclife secs]

   where:

   type and number            The type of policy being created (IKE or IPSec) and the number for this type
                              of policy. To easily determine how many policies have been created, consider
                              using sequential numbering. The range of valid values is any whole number
                              from 1 through 32.
   encryption_method          The supported type of encryption. Valid options are 3DES, AES-128, and
                              AES-256. AES-128 is the default.
   authentication_algorithm   The authentication algorithm. Valid options are SHA-1, MD5, and AES-XCBC
                              (IPSec only). SHA-1 is the default.
   DH_Group                   The Diffie-Hellman group. Supported groups are Group 1 and Group 14.
                              Group 1 is the default.
   secs                       The security association lifetime in seconds. 28800 is the default.
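The following is an added example, not part of the HP guide: a pre-change check that validates a policy --create line against the ranges documented above and reports the weaker choices that are in effect, including the 768-bit Group 1 default when -dh is omitted. The function name lint_policy is hypothetical, and the script assumes option values are written as spelled on this page (matched case-insensitively) with the DH group given as a bare number.

```python
import shlex

# Option defaults and valid values as listed in Table 88 / the "where:" list.
DEFAULTS = {"-enc": "aes-128", "-auth": "sha-1", "-pfs": "on", "-dh": "1", "-seclife": "28800"}
VALID = {"-enc": {"3des", "aes-128", "aes-256"}, "-auth": {"sha-1", "md5", "aes-xcbc"},
         "-pfs": {"on", "off"}, "-dh": {"1", "14"}}

def lint_policy(cmdline):
    """Return (errors, warnings) for one 'policy --create' command line."""
    tok = shlex.split(cmdline)
    errors, warnings = [], []
    if len(tok) < 4 or tok[:2] != ["policy", "--create"]:
        return ["expected: policy --create type number [options]"], warnings
    ptype, number, rest = tok[2].lower(), tok[3], tok[4:]
    if ptype not in ("ike", "ipsec"):
        errors.append("type must be IKE or IPSec")
    if not (number.isdigit() and 1 <= int(number) <= 32):
        errors.append("policy number must be a whole number from 1 through 32")
    if len(rest) % 2:
        errors.append("option given without a value")
    opts = dict(DEFAULTS)  # unset options fall back to the documented defaults
    for flag, value in zip(rest[0::2], rest[1::2]):
        if flag not in DEFAULTS:
            errors.append("unknown option " + flag)
        else:
            opts[flag] = value.lower()
    for flag, allowed in VALID.items():
        if opts[flag] not in allowed:
            errors.append(flag + " value not supported: " + opts[flag])
    if opts["-auth"] == "aes-xcbc" and ptype == "ike":
        errors.append("AES-XCBC is valid for IPSec policies only")
    secs = opts["-seclife"]
    if not (secs.isdigit() and (int(secs) == 0 or 28800 <= int(secs) <= 250000000)):
        errors.append("-seclife must be 0 or between 28800 and 250000000")
    # Weak-but-valid choices: accepted per the page, flagged for review.
    if opts["-enc"] == "3des":
        warnings.append("3DES selected; AES-128 or AES-256 is preferable")
    if opts["-auth"] == "md5":
        warnings.append("MD5 selected; SHA-1 is the stronger documented option")
    if opts["-dh"] == "1":
        warnings.append("DH Group 1 (768 bits) in effect; pass -dh 14 for 2048 bits")
    if opts["-pfs"] == "off" and ptype == "ike":
        warnings.append("PFS is off for an IKE policy")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample command lines, not taken from the guide.
    for line in ("policy --create ike 1",
                 "policy --create ipsec 2 -enc aes-256 -auth aes-xcbc -dh 14"):
        print(line, "->", lint_policy(line))
```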