Brocade Communications Systems RFS6000 User Manual

Page 384


382

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Crypto Map config commands

10

Usage Guidelines

RFController(config-crypto-map)#set peer name

If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP
address is required for manual crypto maps. To change the peer IP address, the no set peer
command must be issued first; then the new peer IP address can be configured.

RFController(config-crypto-map)#set pfs

If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key
generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the initial
(and all subsequent) key generations. This means there is no data linkage between prior keys and
future keys.

RFController(config-crypto-map)#set security-association lifetime (kilobytes|seconds)

Values can be entered in both kilobytes and seconds. Whichever limit is reached first ends the
security association.

RFController(config-crypto-map)#set session-key [inbound|outbound]{ah|esp}

RFController(config-crypto-map)#set session-key [inbound|outbound] ah <hexkey data>

RFController(config-crypto-map)#set session-key [inbound|outbound] esp <SPI> cipher <hexdata key> authenticator <hexkey data>

The inbound local SPI (security parameter index) must equal the outbound remote SPI. The
outbound local SPI must equal the inbound remote SPI. The key values are the hexadecimal
representations of the keys. They are not true ASCII strings. Therefore, a key of
3031323334353637 represents “01234567”.
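The SPI pairing rule and the hex key encoding described above can be checked before the keys are entered on either controller. The following Python sketch is an added example, not part of the Brocade guide; the dictionary layout, function names and sample values are hypothetical. It assumes that in manual keying each paired entry must also carry identical key bytes on both peers, and it flags keys that decode to printable text as a heuristic.

```python
import binascii

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range from the parameter table


def decode_key(hexkey):
    """Return the raw key bytes for a hex key string, or raise ValueError."""
    try:
        return binascii.unhexlify(hexkey)
    except (binascii.Error, TypeError) as exc:
        raise ValueError(f"not valid hex key data: {hexkey!r}") from exc


def check_peers(local, remote):
    """Pair local inbound with remote outbound (and vice versa); return problems."""
    problems = []
    for l_dir, r_dir in (("inbound", "outbound"), ("outbound", "inbound")):
        l, r = local[l_dir], remote[r_dir]
        pair = f"local {l_dir} / remote {r_dir}"
        for spi in (l["spi"], r["spi"]):
            if not SPI_MIN <= spi <= SPI_MAX:
                problems.append(f"{pair}: SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
        if l["spi"] != r["spi"]:
            problems.append(f"{pair}: SPI mismatch {l['spi']} != {r['spi']}")
        for field in ("cipher", "authenticator"):
            try:
                lk, rk = decode_key(l[field]), decode_key(r[field])
            except ValueError as exc:
                problems.append(f"{pair}: {field} {exc}")
                continue
            if lk != rk:
                problems.append(f"{pair}: {field} keys differ")
            elif lk and all(0x20 <= b <= 0x7E for b in lk):
                # Heuristic (assumption): printable bytes suggest typed text, not a random key.
                problems.append(f"{pair}: {field} decodes to text {lk.decode()!r}")
    return problems


# Constructed sample values; "3031323334353637" is the manual's own example key.
LOCAL = {
    "inbound": {"spi": 300, "cipher": "3031323334353637", "authenticator": "9f1c44d2a07be835"},
    "outbound": {"spi": 301, "cipher": "c2e85a7714d903bb", "authenticator": "5d0fa6e1937c28b4"},
}
REMOTE = {
    "outbound": {"spi": 300, "cipher": "3031323334353637", "authenticator": "9F1C44D2A07BE835"},
    "inbound": {"spi": 302, "cipher": "c2e85a7714d903bb", "authenticator": "5d0fa6e1937c28b4"},
}

print("\n".join(check_peers(LOCAL, REMOTE)))
```

With the sample values, the check reports the text-derived cipher key on the first pairing and the 301/302 SPI mismatch on the second.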

RFController(config-crypto-map)#set transformset name

session-key [inbound|outbound] {ah|esp} <256-4294967295> cipher
    Use the set session-key command to define the encryption and
    authentication keys for this crypto map.

    inbound [ah|esp] – Defines encryption keys for inbound traffic
    outbound [ah|esp] – Defines encryption keys for outbound traffic

    For information on how to create a key for authentication and
    encryption, refer to the Usage Guidelines in Global Configuration
    commands under crypto on page 233.

    ah <256-4294967295> – Authentication header protocol
        <256-4294967295> – Security Parameter Index (SPI) for the
        security association

    esp <256-4294967295> – Encapsulating security payload protocol
        <256-4294967295> cipher – Defines the security parameter index
        cipher – Specify encryption/decryption key
        authenticator <hex key data> – Specify an authentication key

transformset <name>
    Use the set transform-set command to assign a transform-set to a
    crypto map.
