Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base Command Reference Manual page 409

Fabric OS Command Reference
53-1001186-01
-ltbyte number
Specifies the SA proposal's lifetime in bytes. The SA expiries after the
specified number of bytes have been transmitted. This operand is
optional.
sa Defines the Security Association. An SA specifies the IPsec protocol (AH
or ESP), the algorithms used for encryption and authentication, and the
expiration definitions used in security associations of the traffic. IKE uses
these values in negotiations to create IPsec SAs.
You cannot modify an SA once it is created. Use ipsecConfig --flush
manual-sa to remove all SA entries from the kernel SA database (SADB)
and start over.
-tag name
Specifies a name for the SA. This is a user-generated name. The name
must be between 1 and 32 characters in length, and may include
alphanumeric characters, dashes (-), and underscores (_). This operand
is required.
-protocol ah|esp
Specifies the IPsec protocol. Encapsulating Security Payload (ESP)
provides confidentiality, data integrity and data source authentication of
IP packets, and protection against replay attacks. Authentication Header
(AH) provides data integrity, data source authentication, and protection
against replay attacks but, unlike ESP, does not provide confidentiality.
This operand is required.
-auth algorithm
Specifies the authentication algorithm. This operand is required. Valid
algorithms include:
•
hmac_md5 - MD5 authentication algorithm
•
hmac_sha1 - SHA1 authentication algorithm
-enc algorithm
Specifies the encryption algorithm. This operand is required. Valid
algorithms include:
•
3des_cbc - 3DES encryption algorithm
•
blowfish_cbc - Blowfish encryption algorithm
•
null_enc - Null encryption algorithm
•
aes256_cbc - AES-256 algorithm
-spi number
Specifies the security parameter index (SPI) for the SA. This is a
user-defined index. Valid SPI numbers consist of numeric characters
(0-9). This operand is optional.
2
ipsecConfig
381