Brocade Communications Systems StoreFabric SN6500B Command Reference Manual page 519

Brocade Fabric OS Command Reference v7.1.0 (53-1002746-01, March 2013)

Example 3
The following example illustrates how to secure traffic between two systems using AH with SHA1 and
ESP protection with 3DES, and how to configure IKE with preshared keys. The two systems are a switch
(a Brocade 300, IP address 10.33.74.13) and an external UNIX host (IPv4 address 10.33.69.132).
1. On the system console, log in to the switch as Admin and enable IPSec.
   switch:admin> ipsecconfig --enable
2. Create an IPSec SA policy named AH01, which uses AH protection with SHA1.
   switch:admin> ipsecconfig --add policy ips sa \
   -t AH01 -p ah -auth hmac_sha1
3. Create an IPSec SA policy named ESP01, which uses ESP protection with 3DES.
   switch:admin> ipsecconfig --add policy ips sa \
   -t ESP01 -p esp -enc 3des_cbc
4. Create an IPSec proposal IPSEC-AHESP to use an AH01 and ESP01 bundle.
   switch:admin> ipsecconfig --add policy ips sa-proposal \
   -t IPSEC-AHESP -sa AH01,ESP01
5. Import the preshared key file (e.g., ipseckey.psk) using the secCertUtil import command.
6. Create an IKE policy for the remote peer.
   switch:admin> ipsecconfig --add policy ike -t IKE01 \
   -remote 10.33.69.132 -id 10.33.74.13 \
   -remoteid 10.33.69.132 -enc 3des_cbc \
   -hash hmac_md5 -prf hmac_md5 \
   -auth psk -dh modp1024 -psk ipseckey.psk
7. Create an IPSec transform TRANSFORM01 configured with transport mode to protect traffic
   identified for IPSec protection and use IKE01 as a key management policy.
   switch:admin> ipsecconfig --add policy ips transform \
   -t TRANSFORM01 -mode transport -sa-proposal IPSEC-AHESP \
   -action protect -ike IKE01
8. Create traffic selectors to protect outbound and inbound traffic.
   switch:admin> ipsecconfig --add policy ips selector \
   -t SELECTOR-OUT -d out -l 10.33.74.13 -r 10.33.69.132 \
   -transform TRANSFORM01
   switch:admin> ipsecconfig --add policy ips selector \
   -t SELECTOR-IN -d in -l 10.33.69.132 -r 10.33.74.13 \
   -transform TRANSFORM01
9. Verify the IPSec SAs using ipSecConfig --show manual-sa -a. Refer to the "IPSec display
   commands" section for an example.
10. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to your
    server administration guide for instructions.
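
The policies in Example 3 refer to each other by name (the SA policies in the proposal, the proposal and the IKE policy in the transform, the transform in each selector), so a mistyped name leaves a policy pointing at nothing. The following Python script is an added example, not part of the Brocade manual: it parses the commands as text and reports references to policies not yet defined, plus option values that its LEGACY set treats as legacy-strength. Assumptions: every option takes exactly one value, as in the commands on this page, and the contents of LEGACY are this example's choice.

```python
import re
# Commands from Example 3 on this page, retyped as sample input (prompts removed).
EXAMPLE3 = r"""
ipsecconfig --add policy ips sa -t AH01 -p ah -auth hmac_sha1
ipsecconfig --add policy ips sa -t ESP01 -p esp -enc 3des_cbc
ipsecconfig --add policy ips sa-proposal -t IPSEC-AHESP -sa AH01,ESP01
ipsecconfig --add policy ike -t IKE01 -remote 10.33.69.132 -id 10.33.74.13 \
  -remoteid 10.33.69.132 -enc 3des_cbc -hash hmac_md5 -prf hmac_md5 \
  -auth psk -dh modp1024 -psk ipseckey.psk
ipsecconfig --add policy ips transform -t TRANSFORM01 -mode transport \
  -sa-proposal IPSEC-AHESP -action protect -ike IKE01
ipsecconfig --add policy ips selector -t SELECTOR-OUT -d out -l 10.33.74.13 \
  -r 10.33.69.132 -transform TRANSFORM01
ipsecconfig --add policy ips selector -t SELECTOR-IN -d in -l 10.33.69.132 \
  -r 10.33.74.13 -transform TRANSFORM01
"""
# Assumption of this example: option values it treats as legacy-strength.
LEGACY = {"3des_cbc", "hmac_md5", "modp1024"}
# Per policy kind: (option, kind of the policy that option must name).
REFS = {"sa-proposal": [("-sa", "sa")],
        "transform": [("-sa-proposal", "sa-proposal"), ("-ike", "ike")],
        "selector": [("-transform", "transform")]}

def parse(text):
    """Join backslash continuations; return [(kind, {option: value})]."""
    policies = []
    for line in re.sub(r"\\\s*\n", " ", text).splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[:3] == ["ipsecconfig", "--add", "policy"]:
            rest = tok[4:] if tok[3] == "ips" else tok[3:]
            policies.append((rest[0], dict(zip(rest[1::2], rest[2::2]))))
    return policies

def audit(text):
    """Report legacy algorithm values and references to undefined policies."""
    defined, findings = set(), []
    for kind, opts in parse(text):
        name = opts.get("-t", "?")
        for opt, val in opts.items():
            if val in LEGACY:
                findings.append(f"{kind} {name}: {opt} {val} is legacy-strength")
        for opt, target in REFS.get(kind, []):
            for ref in opts.get(opt, "").split(","):
                if (target, ref) not in defined:
                    findings.append(f"{kind} {name}: {opt} {ref} is not a defined {target} policy")
        defined.add((kind, name))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(EXAMPLE3)))
```

Run against the commands as printed, it reports the 3DES, HMAC-MD5 and modp1024 settings and no unresolved names; check any replacement values against the operand descriptions for your Fabric OS release.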
