Table of Contents
Advertisement
Configuring IPsec
The length of the key value must match the value that is required by the encryption or authentication algo-
rithm that will use the key.
Algorithm
3DES-CBC
AES-CBC
HMAC-MD5
HMAC-SHA1
AES-XCBC-MAC
Use the following information to determine how to create the proper key size:
•
Number of Characters = Key Size (in bits) / 8; Ex. A 160-bit key would require 20 characters for the
key.
•
Number of Hexidecimal = Key Size (in bits) / 4; Ex. A 160-bit key would require 40 hexidecimal
digits.
Note. The name parameter must be the same as the name of the manually configured IPsec SA
combination of the key name and type must be unique.
Use the
no
form of this command to delete the configured IPsec SA key. For example:
-> no ipsec key tcp_in_ah
Verifying IPsec SA Key
To display the encryption key values which are configured for manually configured IPsec SAs, use the
show ipsec key
command For example:
-> show ipsec key sa-encryption
Encryption Keys
Name
--------------------+---------------
sa_1
sa_2
sa_3
The above command shows the number of manually configured SAs along with their encryption key
lengths in bits respectively. To display the IPsec SA keys used for authentication, use the
command, as shown below:
-> show ipsec key sa-authentication
Authentication Keys
Name
--------------------+----------------
tcp_in_ah
sa_1
sa_5
The above command shows the number of manually configured SAs along with their authentication key
lengths in bits respectively.
OmniSwitch AOS Release 7 Network Configuration Guide
The table shown below displays the key lengths for the supported algorithms:
Key Length
192 Bits
128,192, or 256
Bits
128 Bits
160 Bits
128 Bits
Length (bits)
192
160
64
Length (bits)
160
128
160
Configuring IPsec on the OmniSwitch
June 2013
. Also, the
show ipsec key
page 18-17
- Quick Links:
- Configuring Vlans
Hide quick links:
Advertisement
Table of Contents
