HP StorageWorks 8/40 Brocade Fabric OS Command Reference v6.3.0 (53-1001337-01 - Page 442
Specifies the IPsec protocol. Encapsulating Security Payload ESP, algorithm, number
View all HP StorageWorks 8/40 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 442 highlights
2 ipsecConfig -ipsec ah|esp Specifies the IPsec protocol. Encapsulating Security Payload (ESP) provides confidentiality, data integrity and data source authentication of IP packets, and protection against replay attacks. Authentication Header (AH) provides data integrity, data source authentication, and protection against replay attacks but, unlike ESP, does not provide confidentiality. -action discard|bypass|protect Specifies the IPsec protection type regarding the traffic flows. -direction in|out Specifies traffic flow direction as inbound or outbound. -mode tunnel|transport Specifies the IPsec mode. In tunnel mode, the IP datagram is fully encapsulated by a new IP datagram using the IPsec protocol. In transport mode, only the payload of the IP datagram is handled by the IPsec protocol; it inserts the IPsec header between the IP header and the upper-layer protocol header. -enc algorithm Specifies the encryption algorithm. Valid encryption algorithms include the following: • 3des_cbc - 3DES algorithm • null_enc - Null encryption algorithm(cleartext) -auth algorithm Specifies the authentication algorithm. Valid authentication algorithms include the following: • hmac_md5 - MD5 algorithm • hmac_sha1 - SH1 algorithm -enc-key number Specifies the encryption key. This is a user-generated key based on the length of the key. Use the LINUX random key generator or any other comparable third party utility to generate the manual SA keys. Refer to the Fabric OS Administrator's Guide for details. • A 192-bit value for the 3des_cbc encryption algorithm, for example, 0x96358c90783bbfa3d7b196ceabe0536b • A zero-bit value for the null_enc encryption algorithm. -auth-key number Specifies the authentication key. This is a user-generated key based on the length of the key. • A 128-bit value for the hmac_md5 authentication algorithm. • A 160-bit value for the hmac_sha1 authentication algorithm. The following operands are optional: tunnel-local ipaddress Specifies the local tunnel IPv4 or IPv6 address. tunnel-remote ipaddress Specifies the peer tunnel IPv4 or IPv6 address. 412 Fabric OS Command Reference 53-1001337-01