Table of Contents
Advertisement
Configuring IPsec on the OmniSwitch
Additional Examples
Configuring ESP
The example below shows the commands for configuring ESP between two OmniSwitches for all TCP
traffic.
Switch A
IPv6 address: 3ffe::100
Switch A
-> ipsec security-key master-key-12345
-> ipsec policy tcp_out source 3ffe::100 destination 3ffe::200 protocol tcp out
ipsec description "IPsec on TCP to 200"
-> ipsec policy tcp_in source 3ffe::200 destination 3ffe::100 protocol tcp in
ipsec description "IPsec on TCP from 200"
-> ipsec policy tcp_out rule 1 esp
-> ipsec policy tcp_in rule 1 esp
-> ipsec policy tcp_out admin-state enable
-> ipsec policy tcp_in admin-state enable
-> ipsec sa tcp_out_esp esp source 3ffe::100 destination 3ffe::200 spi 1000
encryption des-cbc authentication hmac-sha1 description "ESP to 200" admin-state
enable
-> ipsec sa tcp_in_esp esp source 3ffe::200 destination 3ffe::100 spi 1001
encryption des-cbc authentication hmac-sha1 description "ESP from 200" admin-
state enable
-> ipsec key tcp_out_esp sa-encryption 12345678
-> ipsec key tcp_out_esp sa-authentication 12345678901234567890
-> ipsec key tcp_in_esp sa-encryption 12345678
-> ipsec key tcp_in_esp sa-authentication 123456789012345678
page 14-18
ESP
ESP Between Two OmniSwitches
OmniSwitch AOS Release 7 Network Configuration Guide
Switch B
IPv6 address: 3ffe::200
90
Configuring IPsec
March 2011
Advertisement
Table of Contents
