Brocade Communications Systems 8 Command Reference Manual page 477
ipSecConfig

3. Create an IPSec SA policy named ESP01, which uses ESP protection with 3DES.
   switch:admin> ipsecconfig --add policy ips sa -t ESP01 -p esp -enc 3des_cbc
4. Create an IPSec proposal IPSEC-AHESP to use an AH01 and ESP01 bundle.
   switch:admin> ipsecconfig --add policy ips sa-proposal -t IPSEC-AHESP -sa AH01,ESP01
5. Import the preshared key file (e.g., ipseckey.psk) using the secCertUtil import command.
6. Create an IKE policy for the remote peer.
   switch:admin> ipsecconfig --add policy ike -t IKE01 -remote 10.33.69.132 -id 10.33.74.13 \
      -remoteid 10.33.69.132 -enc 3des_cbc -hash hmac_md5 -prf hmac_md5 \
      -auth psk -dh modp1024 -psk ipseckey.psk
7. Create an IPSec transform TRANSFORM01 configured with transport mode to protect traffic
   identified for IPSec protection and use IKE01 as a key management policy.
   switch:admin> ipsecconfig --add policy ips transform -t TRANSFORM01 -mode transport \
      -sa-proposal IPSEC-AHESP -action protect -ike IKE01
8. Create traffic selectors to protect outbound and inbound traffic.
   switch:admin> ipsecconfig --add policy ips selector -t SELECTOR-OUT \
      -d out -l 10.33.74.13 -r 10.33.69.132 -transform TRANSFORM01
   switch:admin> ipsecconfig --add policy ips selector -t SELECTOR-IN \
      -d in -l 10.33.69.132 -r 10.33.74.13 -transform TRANSFORM01
9. Verify the IPSec SAs using ipSecConfig --show manual-sa -a. Refer to the "IPSec display
   commands" section for an example.
10. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to
   your server administration guide for instructions.

Example 4
Secure traffic between two systems using AH protection with MD5 and manually keyed SAs. The two
systems are a switch, the BROCADE300 (IPv4 address 10.33.74.13), and an external UNIX host
(IPv4 address 10.33.69.132).
1. On the system console, log into the switch as Admin and enable IPSec.
   switch:admin> ipsecconfig --enable
2. Create an IPSec Manual SA that uses AH protection with MD5 for outbound traffic:
   switch:admin> ipsecconfig --add manual-sa -spi 0x300 -l 10.33.74.13 -r 10.33.69.132 \
      -p any -d out -m transport -ipsec ah -ac protect -auth hmac_md5 -auth-key "TAHITEST89ABCDEF"
3. Create an SA for inbound traffic.
   switch:admin> ipsecconfig --add manual-sa -spi 0x200 -l 10.33.69.132 -r 10.33.74.13 \
      -p any -d in -m transport -ipsec ah -ac protect -auth hmac_md5 -auth-key "TAHITEST89ABCDEF"
4. Verify the SAs using ipsecConfig --show manual-sa -a. Refer to the "IPSec display
   commands" section for an example.
5. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to
   your server administration guide for instructions.

Fabric OS Command Reference                                                   445
53-1001764-02
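The selector pair in step 8 and the manual SAs in Example 4 share the same shape: the inbound entry mirrors the outbound one with -l and -r swapped, and the peer's inbound SA must carry the same SPI and key as the switch's outbound SA. The script below is an added example, not Brocade code or part of this manual. It renders the ipsecconfig lines in the syntax shown above for the Example 4 addresses, derives the SA the remote peer has to configure (step 5), and checks a pair for the mistakes that silently leave traffic unprotected. The consistency rules it enforces (mirrored addresses, distinct SPIs, a 16-byte HMAC-MD5 key, which is the length of the page's key and of MD5's digest) are this example's own assumptions, not documented Fabric OS constraints.

```python
"""Build and sanity-check ipsecconfig manual-SA and traffic-selector pairs.

Added example; not Brocade's code. Command strings follow the syntax shown on
the page. The consistency rules (inbound entry mirrors the outbound addresses,
SPIs differ, HMAC-MD5 key is 16 bytes) are this example's own assumptions about
what a matching pair looks like, not documented Fabric OS constraints.
"""
from dataclasses import dataclass, replace
import ipaddress

# Assumption: manual keys are given as a 16-character ASCII string, the length
# used in Example 4 ("TAHITEST89ABCDEF") and MD5's digest size.
AUTH_KEY_LEN = {"hmac_md5": 16}


@dataclass(frozen=True)
class ManualSA:
    spi: int
    local: str
    remote: str
    direction: str            # "out" or "in"
    auth_key: str
    auth: str = "hmac_md5"

    def command(self) -> str:
        """Render the 'ipsecconfig --add manual-sa' line used in Example 4."""
        return (f"ipsecconfig --add manual-sa -spi {self.spi:#x} -l {self.local} "
                f"-r {self.remote} -p any -d {self.direction} -m transport "
                f"-ipsec ah -ac protect -auth {self.auth} -auth-key \"{self.auth_key}\"")


@dataclass(frozen=True)
class Selector:
    name: str
    direction: str            # "out" or "in"
    local: str
    remote: str
    transform: str

    def command(self) -> str:
        """Render the 'ipsecconfig --add policy ips selector' line from step 8."""
        return (f"ipsecconfig --add policy ips selector -t {self.name} "
                f"-d {self.direction} -l {self.local} -r {self.remote} "
                f"-transform {self.transform}")


def peer_view(sa: ManualSA) -> ManualSA:
    """The SA the remote host must configure to match this one: same SPI and
    key, addresses and direction swapped ('equivalent steps on the peer')."""
    return replace(sa, local=sa.remote, remote=sa.local,
                   direction="in" if sa.direction == "out" else "out")


def check_pair(out_entry, in_entry) -> list[str]:
    """Problems in an outbound/inbound pair of SAs or selectors; empty if OK."""
    problems = []
    for entry in (out_entry, in_entry):
        for addr in (entry.local, entry.remote):
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                problems.append(f"{addr!r} is not an IPv4 address")
    if (out_entry.direction, in_entry.direction) != ("out", "in"):
        problems.append("pair must be one '-d out' and one '-d in' entry")
    if (out_entry.local, out_entry.remote) != (in_entry.remote, in_entry.local):
        problems.append("inbound entry must mirror the outbound -l/-r addresses")
    if isinstance(out_entry, ManualSA) and isinstance(in_entry, ManualSA):
        if out_entry.spi == in_entry.spi:
            problems.append("outbound and inbound SAs must use different SPIs")
        for entry in (out_entry, in_entry):
            want = AUTH_KEY_LEN.get(entry.auth)
            if want is not None and len(entry.auth_key.encode()) != want:
                problems.append(f"SPI {entry.spi:#x}: {entry.auth} key should be {want} bytes")
    return problems


# Addresses, SPIs and key as given in Example 4 on the page.
SWITCH, HOST = "10.33.74.13", "10.33.69.132"
KEY = "TAHITEST89ABCDEF"
OUT_SA = ManualSA(0x300, SWITCH, HOST, "out", KEY)
IN_SA = ManualSA(0x200, HOST, SWITCH, "in", KEY)
SEL_OUT = Selector("SELECTOR-OUT", "out", SWITCH, HOST, "TRANSFORM01")
SEL_IN = Selector("SELECTOR-IN", "in", HOST, SWITCH, "TRANSFORM01")


def example4_commands() -> list[str]:
    """The switch-side command sequence of Example 4 (steps 1 to 3)."""
    return ["ipsecconfig --enable", OUT_SA.command(), IN_SA.command()]


if __name__ == "__main__":
    for cmd in example4_commands():
        print("switch:admin>", cmd)
    print("host side  :", peer_view(OUT_SA).command())
    print("SA problems:", check_pair(OUT_SA, IN_SA))
    print("selector problems:", check_pair(SEL_OUT, SEL_IN))
```

Running check_pair on a pair whose inbound entry copies the outbound -l/-r instead of swapping them, or reuses the outbound SPI, reports the defect before the commands are pasted into the switch, which is cheaper than discovering it from an empty ipsecConfig --show manual-sa -a listing on the peer.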