HP StorageWorks 8/24 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 388
IPSec parameters
View all HP StorageWorks 8/24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 388 highlights
IPSec policies are managed using the policy command. You can configure up to 32 IKE and 32 IPSec policies. Policies cannot be modified; they must be deleted and recreated in order to change the parameters. You can delete and recreate any policy as long as the policy is not being used by an active FCIP tunnel. Each FCIP tunnel is configured separately and may have the same or different IKE and IPSec policies as any other tunnel. Only one IPSec tunnel can be configured for each GbE port. IPSec parameters When creating policies, the parameters listed in Table 90 are fixed and cannot be modified: Table 90 Fixed policy parameters Parameter Fixed Value IKE negotiation protocol Main mode ESP Tunnel mode IKE negotiation authentication method Preshared key 3DES encryption Key length of 168 bits AES encryption Key length of 128 or 256 The parameters listed inTable 91 can be modified: Table 91 Modifiable policy parameters Parameter Description Encryption Algorithm Authentication Algorithm Security Association lifetime in seconds 3DES-168-bit key AES-128-128-bit key (default) AES-256-256-bit key SHA-1-Secure Hash Algorithm (default) MD5-Message Digest 5 AES-XCBC-Used only for IPSec The lifetime in seconds of the security association. If PFS is enabled, a new IKE SA using new key material will be negotiated before this value expires. Default is 28800 sec. PFS (Perfect Forward Secrecy) Applies only to IKE policies. Choices are On/Off and default is On. Diffie-Hellman group Group 1-768 bits (default) Group 14-2048 bits 388 Configuring and monitoring FCIP extension services