Brocade Communications Systems RFS4000 Cli Reference Manual page 384

10
Crypto Map config commands
session-key
[inbound|outbound]
{ah|esp}
<256-4294967295>
cipher
transformset <name>
Usage Guidelines
If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP
address is required for manual crypto maps. To change the peer IP address, the no set peer
command must be issued first; then the new peer IP address can be configured.
If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key
generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the initial
(and all subsequent) key generations. This means no data linkage between prior keys and future
keys.
Values can be entered in both kilobytes and seconds. Whichever limit is reached first, ends the
security association.
The inbound local SPI (security parameter index) must equal the outbound remote SPI. The
outbound local SPI must equal the inbound remote SPI. The key values are the hexadecimal
representations of the keys.
They are not true ASCII strings. Therefore, a key of 3031323334353637 represents "01234567".
382
Use the set session-key command to define the encryption and
authentication keys for this crypto map
•
•
For information on how to create a key for authentication and
encryption, refer Usage Guideline in
commands
•
•
authenticator <hex key data> – Specify an authentication key
Use the set transform-set command to assign a transform-set to a
crypto map
RFController(config-crypto-map)#set peer name
RFController(config-crypto-map)#set pfs
RFController(config-crypto-map)#set security-association lifetime
(kilobytes|seconds)
RFController(config-crypto-map)#set session-key [inbound|outbound]{ah|esp}
RFController(config-crypto-map)#set session-key [inbound|outbound] ah <hexkey
data>
RFController(config-crypto-map)#set session-key [inbound|outbound] esp <SPI>
cipher <hexdata key> authenticator <hexkey data>
RFController(config-crypto-map)#set transformset name
inbound [ah|esp] – Defines encryption keys for inbound
traffic
outbound [ah|esp] – Defines encryption keys for outbound
traffic
under crypto on page 233.
ah <256-4294967295> – Authentication header protocol
•
<256-4294967295> – Security Parameter Index (SPI)
for the security association
esp <256-4294967295>– Encapsulating security payload
protocol
•
<256-4294967295> cipher – Defines the security
parameter index
•
cipher – Specify encryption/decryption key
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
Global Configuration
53-1001931-01