Configuring ipsec for a virtual link – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Routing Configuration Guide

53-1003033-02

Configuring OSPFv3

The ipsec keyword specifies that IPsec is the protocol that authenticates the packets.

The spi keyword and the spinum variable specify the index that points to the security association.
The near-end and far-end values for spinum must be the same. The range for spinum is decimal
256 – 4294967295.

The mandatory esp keyword specifies ESP (rather than authentication header) as the protocol to
provide packet-level security. In the current release, this parameter can be esp only.

The sha1 keyword specifies the HMAC-SHA1-96 authentication algorithm. This mandatory
parameter can be only the sha1 keyword in the current release.

Including the optional no-encrypt keyword means that the 40-character key is not encrypted upon
either its entry or its display. The key must be 40 hexadecimal characters.

If no-encrypt is not entered, then the key will be encrypted. This is the default. The system adds the
following in the configuration to indicate that the key is encrypted:

encrypt = the key string uses a proprietary simple cryptographic 2-way algorithm (only for
Brocade NetIron CES and Brocade NetIron CER devices).

encryptb64 = the key string uses a proprietary base64 cryptographic 2-way algorithm (only for
Brocade NetIron XMR and Brocade MLX series devices).

The configuration in the preceding example results in the configuration for area 2 that is illustrated
in the following.

Configuring IPsec for a virtual link

IPsec on a virtual link has a global configuration.

To configure IPsec on a virtual link, enter the IPv6 router OSPF context of the CLI and proceed as
the following example illustrates. (Note the no-encrypt option in this example.)

Brocade(config-ospf6-router)#area 1 vir 10.2.2.2 auth ipsec spi 360 esp sha1 no-encrypt 1234567890098765432112345678990987654321

Syntax: [no] area area-id virtual nbrid authentication ipsec spi spinum esp sha1 [no-encrypt] key

The no form of this command deletes IPsec from the virtual link.

The area command and the area-id variable specify the area to be configured. The area-id can be
an integer in the range 0 – 2,147,483,647 or have the format of an IP address.

The virtual keyword indicates that this configuration applies to the virtual link identified by the
subsequent variable nbrid. The nbrid variable is written in the dotted decimal notation of an IP address.

The authentication keyword specifies that the function being configured for the area is packet
authentication.

The ipsec keyword specifies that IPsec is the protocol that authenticates the packets.

The spi keyword and the spinum variable specify the index that points to the security association.
The near-end and far-end values for spinum must be the same. The range for spinum is decimal
256 – 4294967295.
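As an added example, not taken from the Brocade guide: a Python check that audits a virtual-link IPsec command against the limits stated above (spinum range, 40-hexadecimal-character key, area-id and nbrid formats), flags no-encrypt, and compares the near-end and far-end spinum. The function names are hypothetical, and accepting abbreviated keywords such as vir and auth is an assumption based on the example command.

```python
import ipaddress
import re

SPI_MIN, SPI_MAX = 256, 4294967295       # spinum range from the guide
AREA_MAX = 2147483647                    # integer area-id upper bound from the guide
KEY_RE = re.compile(r"[0-9a-fA-F]{40}")  # key must be 40 hexadecimal characters

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def audit_virtual_link(line):
    """Parse one virtual-link IPsec command; return (fields, findings)."""
    tok = line.split("#", 1)[-1].split()   # drop a leading CLI prompt if present
    # Assumption: keywords may be abbreviated, as in the guide's example.
    shape_ok = (len(tok) in (11, 12) and tok[0] == "area"
                and "virtual".startswith(tok[2])
                and "authentication".startswith(tok[4])
                and tok[5:7] == ["ipsec", "spi"] and tok[8:10] == ["esp", "sha1"]
                and (len(tok) == 11 or tok[10] == "no-encrypt"))
    if not shape_ok:
        return None, ["does not match the documented syntax"]
    fields = {"area": tok[1], "nbrid": tok[3], "spi": tok[7],
              "no_encrypt": len(tok) == 12, "key": tok[-1]}
    findings = []
    area = fields["area"]
    if not (is_ipv4(area) or (area.isdecimal() and int(area) <= AREA_MAX)):
        findings.append("area-id out of range or not in IP address format")
    if not is_ipv4(fields["nbrid"]):
        findings.append("nbrid is not dotted decimal")
    spi = fields["spi"]
    if not (spi.isdecimal() and SPI_MIN <= int(spi) <= SPI_MAX):
        findings.append("spinum outside 256-4294967295")
    if not KEY_RE.fullmatch(fields["key"]):
        findings.append("key is not 40 hexadecimal characters")
    if fields["no_encrypt"]:
        findings.append("no-encrypt: key is stored and displayed unencrypted")
    return fields, findings

def spi_matches(near_line, far_line):
    """The near-end and far-end spinum values must be the same."""
    near, far = audit_virtual_link(near_line)[0], audit_virtual_link(far_line)[0]
    return bool(near and far and near["spi"] == far["spi"])
```
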

ipv6 router ospf
 area 0
 area 1
 area 2
 area 2 auth ipsec spi 400 esp sha1 abcef12345678901234fedcba098765432109876
