Creating An Ike And Ipsec Policy - Brocade Communications Systems 8 Administrator's Manual

Fabric OS FCIP Administrator's Guide

3 IPSec implementation over FCIP

The parameters listed in Table 11 can be modified.

TABLE 11 Modifiable policy parameters

Parameter
    Description

Encryption Algorithm
    3DES—168-bit key
    AES-128—128-bit key (default)
    AES-256—256-bit key
Authentication Algorithm
    SHA-1—Secure Hash Algorithm (default)
    MD5—Message Digest 5
    AES-XCBC—Used only for IPsec
Security Association lifetime in seconds
    Security association lifetime in seconds. A new key is renegotiated
    before seconds expires. seconds must be between 28800 and
    250000000, or 0. The default is 28800.
PFS (Perfect Forward Secrecy)
    Applies only to IKE policies. Choices are On/Off and the
    default is On.
Diffie-Hellman group
    Group 1—768 bits (default)
    Group 14—2048 bits

Creating an IKE and IPsec policy

For a complete description of the policy command, see the Fabric OS Command Reference.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the policy command to create IKE and IPsec policies:

    policy --create type number [-enc encryption_method] [-auth authentication_algorithm] [-pfs off|on] [-dh DH_group] [-seclife secs]

Where:
type and number
    The type of policy being created (IKE or IPsec) and the number for this type of
    policy. To easily determine how many policies have been created, consider
    using sequential numbering. The range of valid values is any whole number
    from 1 through 32.
encryption_method
    The supported type of encryption. Valid options are 3DES, AES-128, and
    AES-256. AES-128 is the default.
authentication_algorithm
    The authentication algorithm. Valid options are SHA-1, MD5, and AES-XCBC
    (IPsec only). SHA-1 is the default.
DH_group
    The Diffie-Hellman group. Supported groups are Group 1 and Group 14.
    Group 1 is the default.
secs
    The security association lifetime in seconds. 28800 is the default.

The following example shows how to create IKE policy number 10 using 3DES encryption, MD5
authentication, and Diffie-Hellman Group 1:

    switch:admin> policy --create ike 10 -enc 3des -auth md5 -dh 1
    The following policy has been set:
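The documented ranges and defaults can be checked before a command is entered on the switch. The following Python linter is an added example, not part of the Brocade guide or of Fabric OS: it validates a policy --create line against the values above and reports which settings take effect, including defaults such as Group 1 when -dh is omitted. Option spellings other than those in the guide's example command (3des, md5, 1) are assumptions and are normalised, and the list of choices flagged as weak is this example's own judgement.

```python
import shlex

# Documented values and defaults, taken from Table 11 and the "Where:" list.
DEFAULTS = {"enc": "aes128", "auth": "sha1", "dh": "1", "seclife": "28800"}
VALID = {"enc": {"3des", "aes128", "aes256"},
         "auth": {"sha1", "md5", "aesxcbc"},
         "dh": {"1", "14"}, "pfs": {"on", "off"}}
# Added judgement, not from the guide: documented choices worth flagging.
WEAK = {("enc", "3des"): "3DES", ("auth", "md5"): "MD5",
        ("dh", "1"): "DH Group 1, 768 bits"}

def norm(value):
    # Assumption: CLI spellings may differ from the table ("AES-128" vs "aes128").
    return value.lower().replace("-", "")

def lint_policy(line):
    """Return (errors, warnings) for one 'policy --create' command line."""
    tok = shlex.split(line)
    if "policy" in tok:
        tok = tok[tok.index("policy"):]          # drop a leading prompt
    if len(tok) < 4 or tok[:2] != ["policy", "--create"]:
        return ["not a 'policy --create type number' command"], []
    ptype, number, rest = tok[2].lower(), tok[3], tok[4:]
    errors, warnings = [], []
    if ptype not in ("ike", "ipsec"):
        errors.append(f"unknown policy type {ptype!r}")
    if not (number.isdigit() and 1 <= int(number) <= 32):
        errors.append("policy number must be 1 through 32")
    if len(rest) % 2:
        errors.append("option without a value")
    given = {k.lstrip("-"): norm(v) for k, v in zip(rest[::2], rest[1::2])}
    eff = {**DEFAULTS, **given}                  # settings after defaults apply
    for key, allowed in VALID.items():
        if key in eff and eff[key] not in allowed:
            errors.append(f"-{key} {eff[key]} is not a documented value")
    if eff["auth"] == "aesxcbc" and ptype != "ipsec":
        errors.append("AES-XCBC is documented for IPsec only")
    if "pfs" in given and ptype != "ike":
        errors.append("PFS is documented for IKE policies only")
    secs = eff["seclife"]
    if not (secs.isdigit() and (int(secs) == 0 or 28800 <= int(secs) <= 250000000)):
        errors.append("-seclife must be 0 or 28800 to 250000000")
    for (key, val), name in WEAK.items():
        if eff[key] == val:
            how = "set explicitly" if key in given else "documented default"
            warnings.append(f"{name} ({how})")
    return errors, warnings
# Constructed input: the guide's own example command, with its prompt.
EXAMPLE = "switch:admin> policy --create ike 10 -enc 3des -auth md5 -dh 1"
```

Calling lint_policy(EXAMPLE) returns no errors and three warnings, since every value in the guide's example command is valid but on the flagged list.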
Fabric OS FCIP Administrator's Guide
53-1001766-01
