HP StorageWorks 8/40 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01 - Page 441
Enables or disables Perfect Forward Secrecy PFS. PFS is disabled
View all HP StorageWorks 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 441 highlights
ipsecConfig 2 The following operands are optional (use secCertUtil import to import the key files to the local and remote systems): -psk file Specifies the pre-shared key filename. -pubkey file Specifies the public key filename (in X.509 PEM format). -privkey file Specifies the private key filename (in X.509 PEM format). -peerpubkey file Specifies the peer public key filename (in X.509 PEM format). -lttime number Specifies the key lifetime in seconds. If a lifetime is not specified, the keys do not expire. If a lifetime is specified both in seconds and in bytes, the keys expire when the first expiration criterion is met. -ltbyte number Specifies the key lifetime in bytes. The keys expire after the specified number of bytes have been transmitted. -pfs on|off Enables or disables Perfect Forward Secrecy (PFS). PFS is disabled by default. When PFS is disabled, IKE uses the initial master key it generates in Phase1 to generate the keys for SA connections in Phase2. When PFS is enabled, a new key is generated for keying the SAs. Enabling PFS may provide enhanced protection against keys compromise. -version 1|2 Specifies the IKE version. This operand is optional. If not specified, IKEv2 is used (2). If 1 is specified, IKEv1 is selected. Use -v 2 to revert to version 2 after version 1 was set. manual-sa Creates manually keyed SADB entries. When using this option, you must generate the keys manually, The lifetime of an SA entry created using this command is infinite. You cannot modify manually keyed SA entries. Use ipsecConfig --flush, or ipsecConfig --delete and recreate the entries. The syntax for creating an SADB entry is as follows: ipsecconfig --add manual-sa arguments. arguments Valid arguments for manual-sa include: -spi number Specifies the security parameter index (SPI) for the SA. This is a user-defined index. Valid SPI numbers consist of numeric characters (0-9). -local ipaddress Specifies the local IPv4 or IPv6 address. -remote ipaddress Specifies the remote IPv4 or IPv6 address. -protocol protocol_name Specifies the upper layer protocols to be selected for protection. Valid protocols include tcp, udp, icmp or any. When any is specified all existing protocols are selected for protection. Fabric OS Command Reference 411 53-1001337-01