Table of Contents
Advertisement
IPsec Specifications
IPsec Specifications
Platforms Supported
IP Version Supported
RFCs Supported
Encryption Algorithms Supported for ESP
Key lengths supported for Encryption Algo-
rithms
Authentication Algorithms Supported for
AH
Key lengths supported for Authentication
Algorithms
Master Security Key formats
Priority value range for IPsec Policy
Index value range for IPsec Policy Rule
SPI Range
Modes Supported
IPsec Defaults
The following table shows the default settings of the configurable IPsec parameters.
Parameter Description
IPsec global status (A license file
must be present on the switch)
Master security key for the switch
IPsec policy priority
IPsec security policy status
IPsec discard policy status
IPsec SA status
Key length AES-CBC
page 14-2
OmniSwitch 10K
IPv6
4301 - Security Architecture for the Internet Proto-
col
4302 - IP Authentication Header (AH)
4303 - IP Encapsulating Security Payload (ESP)
4305 - Cryptographic Algorithm Implementation
Requirements for ESP and AH
4308 - Cryptographic Suites for IPsec
NULL, 3DES-CBC, and AES-CBC
3DES-CBC - 192 bits
AES-CBC - 128, 192, or 256 bits
HMAC-SHA1-96, HMAC-MD5-96, and AES-
XCBC-MAC-96
HMAC-MD5 - 128 bits
HMAC-SHA1 - 160 bits
AES-XCBC-MAC - 128 bits
Hexadecimal (16 bytes) or String (16 characters)
1 - 1000
1 - 10
256 - 999999999
Transport
Command
ipsec security-key
ipsec policy
ipsec policy
ipsec policy
ipsec sa
ipsec sa
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring IPsec
Default Value/Comments
Disabled
No master security key set
100
Disabled
Enabled
Disabled
128 bits
March 2011
Advertisement
Table of Contents
