Chapter 12 IPsec Commands - Alcatel-Lucent 060321-10, Rev. B CLI Reference Manual

Omniswitch series

12 IPsec commands
IPsec is a suite of protocols for securing IPv6 communications by authenticating and/or encrypting each
IPv6 packet in a data stream. IPsec provides security services such as traffic encryption, integrity
validation, peer authentication, and anti-replay protection.
IPsec protocols operate at the network layer using appropriate security protocols, cryptographic algorithms,
and cryptographic keys. The security services are provided through the use of two security protocols, the
Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of
cryptographic key management procedures and protocols.
There are two modes of IPsec operation: transport mode and tunnel mode. In transport mode, only the data
you transfer (the payload) in the IPv6 packet is encrypted and/or authenticated, and only the payloads that are
originated and destined between two intermediate systems are processed with IPsec. In tunnel mode, the
entire IPv6 packet, with both the data and the message headers, is encrypted and/or authenticated. In tunnel
mode, all the IPv6 packets that pass through the endpoints are processed by IPsec. The current
implementation of IPsec supports only the transport mode.
Note. The current implementation of IPsec supports only IPv6.
The pre-configured Security Policy determines the traffic that is to be given IPsec protection. A
Security Association (SA) specifies the actual IPsec actions to be performed (e.g., encryption using 3DES,
authentication with HMAC-SHA1). A security association is a bundle of algorithms and parameters (such as
keys) that is used to encrypt and authenticate a particular flow in one direction. Security
Associations can be manually configured or negotiated through IKE. The current implementation of IPsec
does not support the negotiation of SAs through IKE, so SAs need to be configured manually.
A summary of the available commands is listed here:
ipsec key
ipsec security-key
ipsec policy
ipsec policy rule
ipsec sa
show ipsec policy
show ipsec sa
show ipsec key
show ipsec ipv6 statistics
OmniSwitch CLI Reference Guide
March 2011
page 12-1


This manual is also suitable for:

Omniswitch 10k
