Creating An Ikev2 Proposal; Importing An Ikev2 Digital Certificate - IBM RackSwitch G8000 Application Manual
A top-of-rack (tor) switch
Hide thumbs
Also See for RackSwitch G8000:
- Manual (18 pages) ,
- Manual (14 pages) ,
- Installation manual (86 pages)
Table of Contents
Advertisement
Creating an IKEv2 Proposal
Importing an IKEv2 Digital Certificate
© Copyright IBM Corp. 2011
With IKEv2, a single policy can have multiple encryption and authentication types,
as well as multiple integrity algorithms.
To create an IKEv2 proposal:
1. Enter IKEv2 proposal mode.
RS G8000(config)# ikev2 proposal
2. Set the DES encryption algorithm.
RS G8000(config-ikev2-prop)# encryption 3des|aes-cbc|des (default: 3des)
3. Set the authentication integrity algorithm type.
RS G8000(config-ikev2-prop)# integrity md5
4. Set the Diffie-Hellman group.
RS G8000(config-ikev2-prop)# group 1|2|5|14|24 (default: 2)
To import an IKEv2 digital certificate for authentication:
1. Import the CA certificate file.
RS G8000(config)# copy tftp ca-cert address <hostname or IPv4 address>
Source file name: <path and filename of CA certificate file>
Confirm download operation [y/n]: y
2. Import the host key file.
RS G8000(config)# copy tftp host-key address <hostname or IPv4 address>
Source file name: <path and filename of host private key file>
Confirm download operation [y/n]: y
3. Import the host certificate file.
RS G8000(config)# copy tftp host-cert address <hostname or IPv4 address>
Source file name: <path and filename of host certificate file>
Confirm download operation [y/n]: y
|sha1 (default: sha1)
Chapter 17. IPsec with IPv6
205
Advertisement
Table of Contents
Troubleshooting
