Brocade Communications Systems RFS6000 User Manual

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

237

53-1001931-01

Global Configuration commands

5

Usage Guidelines

Follow the table to calculate how many character are required to add the key size for
authentication and encryption. This is used while configuring Manual IPSEC only.

For example, To create a key with authentication type as ESP-SHA and encryption type as
AES-192, enter 20+16=36 characters.

The key size for all the 3 different AES combinations is 128 bits or 16 bytes.

Follow the example below to see how the Auth and Encryption key is created in

(config)#

crypto-ipsec

instance and used in

(config)# crypt-map

instance.

RFController(config)#crypto ipsec transform-set Test1 ?

ah-md5-hmac AH-HMAC-MD5 transform

ah-sha-hmac AH-HMAC-SHA transform

esp-3des ESP transform using 3DES cipher (168 bits)

esp-aes ESP transform using AES cipher

esp-aes-192 ESP transform using AES cipher (192 bits)

esp-aes-256 ESP transform using AES cipher (256 bits)

esp-des ESP transform using DES cipher (56 bits)

esp-md5-hmac ESP transform using HMAC-MD5 auth

esp-sha-hmac ESP transform using HMAC-SHA auth

RFController(config)#crypto ipsec transform-set Test1 esp-aes-192 esp-sha-hmac

RFController(config-crypto-ipsec)#exit

RFController(config)#crypto map TestMap-TechPub 10 ipsec-manual

RFController(config-crypto-map)#set peer 1.1.1.1

RFController(config-crypto-map)#match address 101

RFController(config-crypto-map)#set transform-set tfset-manual

RFController(config-crypto-map)#set session-key inbound esp 257

cipher 12345678901234567890123456789012345678901234

authenticator 12345678901234567890123456789012345678901234

RFController(config-crypto-map)#set session-key outbound esp 258

cipher 12345678901234567890123456789012345678901234

authenticator 12345678901234567890123456789012345678901234

RFController(config-crypto-map)#exit

RFController(config)#interface vlan11

RFController(config-if)#crypto map manual