Brocade Communications Systems StoreFabric SN6500B Command Reference Manual page 510

Brocade Fabric OS Command Reference v7.1.0 (53-1002746-01, March 2013)

ipSecConfig
-mode tunnel | transport
Specifies the IPSec transform mode. In tunnel mode, the IP datagram is fully
encapsulated by a new IP datagram using the IPSec protocol. In transport
mode, only the payload of the IP datagram is handled by the IPSec protocol,
which inserts the IPSec header between the IP header and the upper-layer
protocol header.
-sa-proposal name
Specifies the SA proposal to be included in the transform. You must create
the SA proposal before you can include it in the transform. Use
ipsecConfig --show policy ips sa-proposal -a for a listing of existing SA
proposals.
-action discard | bypass | protect
Specifies the protective action the transform should take regarding the traffic
flows.
-ike name
Specifies the IKE policy to be included in the transform. This operand is
optional. Use ipsecConfig --show policy ike -a for a listing of existing IKE
policies.
-local IP_address[/prefixlength]
Specifies the source IPv4 or IPv6 address. This operand is optional. If a local
source IP address is defined, a remote peer IP address must also be defined.
-remote IP_address[/prefixlength]
Specifies the peer IPv4 or IPv6 address. This operand is optional. If a remote
peer IP address is defined, a local source IP address must also be defined.
sa-proposal
Defines the security association (SA) proposal, including its name, the SAs to
be included, and the lifetime of the proposal. The following operands are supported:
-tag name
Specifies a name for the SA proposal. This is a user-generated name. The
name must be between 1 and 32 characters in length, and may include
alphanumeric characters, dashes (-), and underscores (_).
-sa name[,name]
Specifies the SAs to include in the SA proposal. The bundle consists of one
or two SA names, separated by commas. For SA bundles, [AH, ESP] is the
supported combination. The SAs must be created prior to being included in
the SA proposal. This operand is required.
-lttime number
Specifies the SA proposal's lifetime in seconds. This operand is optional. If a
lifetime is not specified, the SA does not expire. If lifetime is specified both in
seconds and in bytes, the SA expires when the first expiration criterion is met.
-ltbyte number
Specifies the SA proposal's lifetime in bytes. The SA expires after the
specified number of bytes have been transmitted. This operand is optional.
sa
Defines the Security Association. An SA specifies the IPSec protocol (AH or
ESP), the algorithms used for encryption and authentication, and the
expiration definitions used in security associations of the traffic. IKE uses
these values in negotiations to create IPSec SAs.
You cannot modify an SA once it is created. Use ipsecConfig --flush
manual-sa to remove all SA entries from the kernel SA database (SADB)
and start over.
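
The rules stated on this page (SAs exist before the SA proposal that names them, the SA proposal exists before the transform, the -tag naming rule, the [AH, ESP] bundle, paired -local/-remote, and proposals left without a lifetime) can be checked against a planned change before it is entered on the switch. The Python lint below is an added example, not part of the Brocade manual or Fabric OS; the function name lint_plan, the dictionary layout and the sample plan are assumptions constructed for illustration.

```python
import re

TAG_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")  # -tag rule for sa-proposal names

def lint_plan(sas, proposals, transforms):
    """Return findings for a planned policy set; the dict layout is an assumption."""
    out = []
    for tag, p in proposals.items():
        names = p.get("sa") or []
        missing = [n for n in names if n not in sas]
        if not TAG_RE.fullmatch(tag):
            out.append(f"{tag}: invalid -tag")
        if missing:
            out.append(f"{tag}: SA not created first: {','.join(missing)}")
        if not 1 <= len(names) <= 2:
            out.append(f"{tag}: -sa takes one or two SA names")
        elif len(names) == 2 and not missing:
            # The page names [AH, ESP] as the supported bundle; order is not checked.
            if {sas[n] for n in names} != {"AH", "ESP"}:
                out.append(f"{tag}: bundle is not AH+ESP")
        if p.get("lttime") is None and p.get("ltbyte") is None:
            out.append(f"{tag}: no lifetime, SA does not expire")
    for name, t in transforms.items():
        if t.get("mode") not in ("tunnel", "transport"):
            out.append(f"{name}: bad -mode")
        if t.get("action") not in ("discard", "bypass", "protect"):
            out.append(f"{name}: bad -action")
        if t.get("sa_proposal") not in proposals:
            out.append(f"{name}: SA proposal not created first")
        if (t.get("local") is None) != (t.get("remote") is None):
            out.append(f"{name}: -local and -remote must be set together")
    return out

# Constructed sample plan (not from a real switch): SA name -> protocol, then proposals, then transforms.
SAS = {"sa-ah": "AH", "sa-esp": "ESP", "sa-esp2": "ESP"}
PROPOSALS = {
    "prop_ok": {"sa": ["sa-ah", "sa-esp"], "lttime": 28800, "ltbyte": None},
    "prop bad": {"sa": ["sa-esp", "sa-esp2"]},
    "prop_ghost": {"sa": ["sa-missing"], "ltbyte": 1000000},
}
TRANSFORMS = {
    "t_ok": {"mode": "tunnel", "sa_proposal": "prop_ok", "action": "protect",
             "local": "192.0.2.1/32", "remote": "192.0.2.2/32"},
    "t_half": {"mode": "transport", "sa_proposal": "nope", "action": "protect",
               "local": "192.0.2.1", "remote": None},
}

if __name__ == "__main__":
    print("\n".join(lint_plan(SAS, PROPOSALS, TRANSFORMS)))
```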