Using A Manual Key Policy - IBM RackSwitch G8000 Application Manual

A top-of-rack (ToR) switch

Using a Manual Key Policy

RackSwitch G8000: Application Guide
A manual policy involves configuring policy and manual SA entries for local and remote peers.
To configure a manual key policy, you need:
– The IP address of the peer in IPv6 format (for example, "3000::1").
– Inbound/Outbound session keys for the security protocols.
You can then assign the policy to an interface. The peer represents the other end of the security association. The security protocol for the session key can be either ESP or AH.
To create and configure a manual policy:
1. Enter a manual policy to configure.
RS G8000(config)#ipsec manual-policy <policy number>
2. Configure the policy.
RS G8000(config-ipsec-manual)#peer <peer's IPv6 address>
RS G8000(config-ipsec-manual)#traffic-selector <IPsec traffic selector>
RS G8000(config-ipsec-manual)#transform-set <IPsec transform set>
RS G8000(config-ipsec-manual)#in-ah auth-key <inbound AH IPsec key>
RS G8000(config-ipsec-manual)#in-ah auth-spi <inbound AH IPsec SPI>
RS G8000(config-ipsec-manual)#in-esp cipher-key <inbound ESP cipher key>
RS G8000(config-ipsec-manual)#in-esp auth-spi <inbound ESP SPI>
RS G8000(config-ipsec-manual)#in-esp auth-key <inbound ESP authenticator key>
RS G8000(config-ipsec-manual)#out-ah auth-key <outbound AH IPsec key>
RS G8000(config-ipsec-manual)#out-ah auth-spi <outbound AH IPsec SPI>
RS G8000(config-ipsec-manual)#out-esp cipher-key <outbound ESP cipher key>
RS G8000(config-ipsec-manual)#out-esp auth-spi <outbound ESP SPI>
RS G8000(config-ipsec-manual)#out-esp auth-key <outbound ESP authenticator key>
where the following parameters are used:
– peer's IPv6 address: The IPv6 address of the peer (for example, 3000::1)
– IPsec traffic-selector: A number from 1-10
– IPsec transform-set: A number from 1-10
– inbound AH IPsec key: The inbound AH key code, in hexadecimal
– inbound AH IPsec SPI: A number from 256-4294967295
– inbound ESP cipher key: The inbound ESP key code, in hexadecimal
– inbound ESP SPI: A number from 256-4294967295
– inbound ESP authenticator key: The inbound ESP authenticator key code, in hexadecimal
– outbound AH IPsec key: The outbound AH key code, in hexadecimal
– outbound AH IPsec SPI: A number from 256-4294967295
– outbound ESP cipher key: The outbound ESP key code, in hexadecimal
– outbound ESP SPI: A number from 256-4294967295
– outbound ESP authenticator key: The outbound ESP authenticator key code, in hexadecimal
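With manual keys nothing negotiates the SAs, so a value that is out of range on one switch, or that does not match the other switch, has to be caught before the commands are entered. The following is an added example, not part of the IBM guide: it checks one side's values against the ranges listed above, derives the other side's values, and reports SA entries where one switch's outbound value differs from its peer's inbound value (the matching rule is standard for manually keyed IPsec and is assumed here). The function names, the dictionary layout and the sample keys are constructed; key lengths are not checked because the page does not give them.

```python
import ipaddress
import re

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range from the parameter list
KEY_FIELDS = ("ah auth-key", "esp cipher-key", "esp auth-key")
SPI_FIELDS = ("ah auth-spi", "esp auth-spi")

def validate(policy):
    """Return the problems found in one switch's manual policy values."""
    errs = []
    try:
        ipaddress.IPv6Address(policy["peer"])
    except ValueError:
        errs.append("peer is not an IPv6 address")
    for name in ("traffic-selector", "transform-set"):
        if not 1 <= policy[name] <= 10:
            errs.append(f"{name} must be 1-10")
    for side in ("in", "out"):
        for f in SPI_FIELDS:
            if not SPI_MIN <= policy[f"{side}-{f}"] <= SPI_MAX:
                errs.append(f"{side}-{f} outside {SPI_MIN}-{SPI_MAX}")
        for f in KEY_FIELDS:
            if not re.fullmatch(r"[0-9a-fA-F]+", policy[f"{side}-{f}"]):
                errs.append(f"{side}-{f} is not hexadecimal")
    return errs

def mirrored(policy, peer):
    """Derive the other switch's values: every in- entry becomes out- and vice versa."""
    flip = {"in": "out", "out": "in"}
    other = {}
    for key, value in policy.items():
        side, _, rest = key.partition("-")
        other[f"{flip[side]}-{rest}" if side in flip else key] = value
    return {**other, "peer": peer}

def mirror_mismatches(local, remote):
    """Return local SA entries that differ from what the remote side's values imply."""
    expect = mirrored(remote, local["peer"])
    fields = [f"{s}-{f}" for s in ("in", "out") for f in KEY_FIELDS + SPI_FIELDS]
    return [k for k in fields if str(local[k]).lower() != str(expect[k]).lower()]

# Constructed sample values: placeholder keys, not real key material or lengths.
SWITCH_A = {
    "peer": "3000::1", "traffic-selector": 1, "transform-set": 1,
    "in-ah auth-key": "a1" * 8, "in-ah auth-spi": 1001,
    "in-esp cipher-key": "b2" * 8, "in-esp auth-spi": 1002, "in-esp auth-key": "c3" * 8,
    "out-ah auth-key": "d4" * 8, "out-ah auth-spi": 2001,
    "out-esp cipher-key": "e5" * 8, "out-esp auth-spi": 2002, "out-esp auth-key": "f6" * 8,
}
SWITCH_B = mirrored(SWITCH_A, "3000::2")  # constructed peer address
```

The dictionary keys follow the command names (for example `in-esp auth-spi`), so each reported entry maps directly to the line to correct.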
