Ipsec Parameters; Fixed Policy Parameters; Modifiable Policy Parameters - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

IPSec policies are managed using the policy command.
You can configure up to 32 IKE and 32 IPSec policies. Policies cannot be modified; they must be deleted
and recreated in order to change the parameters. You can delete and recreate any policy as long as the
policy is not being used by an active FCIP tunnel.
Each FCIP tunnel is configured separately and may have the same or different IKE and IPSec policies as
any other tunnel. Only one IPSec tunnel can be configured for each GbE port.

IPSec parameters

When creating policies, the parameters listed in
Table 99

Fixed policy parameters

Parameter
IKE negotiation protocol
ESP
IKE negotiation authentication method
3DES encryption
AES encryption
The parameters listed
Table 100

Modifiable policy parameters

Parameter
Encryption Algorithm
Authentication Algorithm
Security Association lifetime in
seconds
PFS (Perfect Forward Secrecy)
Diffie-Hellman group
428 Configuring and monitoring FCIP extension services
Fixed Value
Main mode
Tunnel mode
Preshared key
Key length of 168 bits
Key length of 128 or 256
inTable 100 can be modified:
Description
3DES—168-bit key
AES- 1 28—128-bit key (default)
AES-256—256-bit key
SHA- 1 —Secure Hash Algorithm (default)
MD5—Message Digest 5
AES-XCBC—Used only for IPSec
The lifetime in seconds of the security association. If PFS is
enabled, a new IKE SA using new key material will be
negotiated before this value expires. Default is 28800 sec.
Applies only to IKE policies. Choices are On/Off and
default is On.
Group 1—768 bits (default)
Group 14—2048 bits
Table 99 are fixed and cannot be modified: