Brocade Communications Systems Brocade 8/12c Command Reference Manual page 499

Brocade Fabric OS Command Reference Manual, supporting Fabric OS v7.0.0 (April 2011)

3. Create an IPSec proposal IPSEC-ESP to use ESP01 as the SA.

   switch:admin> ipsecconfig --add policy ips sa-proposal \
       -t IPSEC-ESP -sa ESP01

4. Configure the SA proposal lifetime in seconds.

   switch:admin> ipsecconfig --add policy ips sa-proposal \
       -t IPSEC-ESP -lttime 280000 -sa ESP01

5. Import the public key for the BROCADE300 (Brocade300.pem), the private key for BROCADE300 (Brocade300-key.pem), and the public key of the external host (remote-peer.pem) in X.509 PEM format from the remote certificate server (10.6.103.139).

   switch:admin> seccertutil import -ipaddr 10.103.6.139 \
       -remotedir /root/certs -certname Brocade300.pem
   switch:admin> seccertutil import -ipaddr 10.103.6.139 \
       -remotedir /root/certs -certname Brocade300-key.pem
   switch:admin> seccertutil import -ipaddr 10.103.6.139 \
       -remotedir /root/certs -certname remote-peer.pem

6. Import the CA certificate that was used to sign the public certificates of BROCADE300 and the remote peer as IPSECCA.pem.

   switch:admin> seccertutil import -ipaddr 10.103.6.139 \
       -remotedir /root/certs -certname IPSECCA.pem

7. Configure an IKE policy for the remote peer UNIX host.

   switch:admin> ipsecconfig --add policy ike -t IKE01 -remote \
       fe80::205:1fff:fe51:f09e -id fe80::220:1aff:fe34:2e82 \
       -remoteid fe80::205:1fff:fe51:f09e \
       -enc 3des_cbc -hash hmac_md5 -prf hmac_md5 -auth rsasig \
       -dh modp1024 -pubkey "Brocade300.pem" \
       -privkey "Brocade300-key.pem" -peerpubkey "remote-peer.pem"

8. Create an IPSec transform TRANSFORM01 to use transport mode to protect traffic identified for IPSec protection and use IKE01 as the key management policy.

   switch:admin> ipsecconfig --add policy ips transform \
       -t TRANSFORM01 -mode transport -sa-proposal IPSEC-ESP \
       -action protect -ike IKE01

9. Create traffic selectors to select outbound and inbound TCP traffic that needs to be protected.

   switch:admin> ipsecconfig --add policy ips selector \
       -t SELECTOR-OUT -d out -l fe80::220:1aff:fe34:2e82 \
       -r fe80::205:1fff:fe51:f09e \
       -protocol "tcp" -transform TRANSFORM01
   switch:admin> ipsecconfig --add policy ips selector \
       -t SELECTOR-IN -d in -l fe80::205:1fff:fe51:f09e -r \
       fe80::220:1aff:fe34:2e82 -protocol "tcp" -transform TRANSFORM01

10. Verify the IPSec SAs using ipSecConfig --show manual-sa -a. Refer to the "IPSec display commands" section for an example.

11. Perform the equivalent steps on the remote peer to complete the IPSec configuration. Refer to your server administration guide for instructions.

Fabric OS Command Reference
53-1001764-01
ipSecConfig
465
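The steps above build a chain of objects that reference each other by name (SA proposal, IKE policy, transform, selectors, imported certificates), and a mistake in any name or direction silently leaves traffic unprotected or leaves IKE unable to authenticate. The following checker is an added example, not Brocade's code and not part of this manual: it parses the ipsecconfig and seccertutil command lines from steps 3 to 9 (copied from the page and joined onto single lines, as constructed input) into policy records, verifies that every cross-reference resolves, that the inbound selector mirrors the outbound one, and that the certificate files named in the IKE policy were actually imported. It also flags the algorithm choices the example uses (3DES, HMAC-MD5, 1024-bit DH), which are weak by current standards; the WEAK table and the function names are assumptions of this example and should be extended to whatever your platform offers.

```python
"""Consistency and strength check for a Fabric OS IPsec policy set.

Added example (not Brocade's code): parses ipsecconfig/seccertutil command
lines like the ones in the manual procedure and cross-checks them.
"""
import shlex

# Constructed input: the command lines of steps 3-9, continuations joined.
CONFIG = """
ipsecconfig --add policy ips sa-proposal -t IPSEC-ESP -sa ESP01
ipsecconfig --add policy ips sa-proposal -t IPSEC-ESP -lttime 280000 -sa ESP01
seccertutil import -ipaddr 10.103.6.139 -remotedir /root/certs -certname Brocade300.pem
seccertutil import -ipaddr 10.103.6.139 -remotedir /root/certs -certname Brocade300-key.pem
seccertutil import -ipaddr 10.103.6.139 -remotedir /root/certs -certname remote-peer.pem
seccertutil import -ipaddr 10.103.6.139 -remotedir /root/certs -certname IPSECCA.pem
ipsecconfig --add policy ike -t IKE01 -remote fe80::205:1fff:fe51:f09e -id fe80::220:1aff:fe34:2e82 -remoteid fe80::205:1fff:fe51:f09e -enc 3des_cbc -hash hmac_md5 -prf hmac_md5 -auth rsasig -dh modp1024 -pubkey "Brocade300.pem" -privkey "Brocade300-key.pem" -peerpubkey "remote-peer.pem"
ipsecconfig --add policy ips transform -t TRANSFORM01 -mode transport -sa-proposal IPSEC-ESP -action protect -ike IKE01
ipsecconfig --add policy ips selector -t SELECTOR-OUT -d out -l fe80::220:1aff:fe34:2e82 -r fe80::205:1fff:fe51:f09e -protocol "tcp" -transform TRANSFORM01
ipsecconfig --add policy ips selector -t SELECTOR-IN -d in -l fe80::205:1fff:fe51:f09e -r fe80::220:1aff:fe34:2e82 -protocol "tcp" -transform TRANSFORM01
"""

# Assumed table of algorithm values to flag as weak; extend for your platform.
WEAK = {
    "enc": {"3des_cbc"},
    "hash": {"hmac_md5"},
    "prf": {"hmac_md5"},
    "dh": {"modp1024"},
}


def _options(args):
    """Parse '-key value' pairs into a dict (keys without the leading dash)."""
    if len(args) % 2:
        raise ValueError(f"dangling option in {args!r}")
    opts = {}
    for key, value in zip(args[0::2], args[1::2]):
        if not key.startswith("-"):
            raise ValueError(f"expected an option, got {key!r}")
        opts[key.lstrip("-")] = value
    return opts


def parse(config_text):
    """Return ({kind: {name: options}}, set of imported certificate file names)."""
    policies = {"sa-proposal": {}, "ike": {}, "transform": {}, "selector": {}}
    certs = set()
    for line in config_text.strip().splitlines():
        argv = shlex.split(line)          # handles the quoted "tcp" and "*.pem"
        if argv[:2] == ["seccertutil", "import"]:
            certs.add(_options(argv[2:])["certname"])
            continue
        if argv[:3] != ["ipsecconfig", "--add", "policy"]:
            raise ValueError(f"unsupported line: {line}")
        # 'policy ike <opts>' versus 'policy ips <kind> <opts>'
        kind, first = ("ike", 4) if argv[3] == "ike" else (argv[4], 5)
        opts = _options(argv[first:])
        name = opts.pop("t")
        # A second --add for the same name (step 4) adds options to it.
        policies[kind].setdefault(name, {}).update(opts)
    return policies, certs


def check(policies, certs):
    """Return a list of findings; an empty list means the set is consistent."""
    findings = []
    for name, ike in policies["ike"].items():
        for opt in ("pubkey", "privkey", "peerpubkey"):
            if ike.get(opt) not in certs:
                findings.append(f"ike {name}: -{opt} {ike.get(opt)!r} was never imported")
        for opt, weak_values in WEAK.items():
            if ike.get(opt) in weak_values:
                findings.append(f"ike {name}: -{opt} {ike[opt]} is a weak algorithm choice")
    for name, tr in policies["transform"].items():
        if tr.get("sa-proposal") not in policies["sa-proposal"]:
            findings.append(f"transform {name}: unknown SA proposal {tr.get('sa-proposal')!r}")
        if tr.get("ike") not in policies["ike"]:
            findings.append(f"transform {name}: unknown IKE policy {tr.get('ike')!r}")
    selectors = policies["selector"]
    for name, sel in selectors.items():
        if sel.get("transform") not in policies["transform"]:
            findings.append(f"selector {name}: unknown transform {sel.get('transform')!r}")
        if sel.get("d") != "out":
            continue
        # Each outbound selector needs an inbound twin with local/remote swapped,
        # otherwise the return direction of the same flow is left unprotected.
        mirrored = any(
            s.get("d") == "in" and s.get("l") == sel.get("r")
            and s.get("r") == sel.get("l") and s.get("protocol") == sel.get("protocol")
            for s in selectors.values()
        )
        if not mirrored:
            findings.append(f"selector {name}: no inbound selector mirrors it")
    return findings


def audit(config_text=CONFIG):
    """Parse and check a configuration; returns the findings list."""
    return check(*parse(config_text))


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

Run against the page's own commands the checker reports no dangling references and no missing certificates, but four findings for the IKE policy: the encryption, hash, PRF and Diffie-Hellman choices are all weak. Removing the SELECTOR-IN line from the input produces a further finding that SELECTOR-OUT has no inbound mirror, which is the kind of asymmetric policy that a --show listing makes easy to overlook.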