Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


crypto ipsec transform-set <TRANSFORM-SET-TAG> [esp-3des|esp-aes|esp-aes-192|esp-aes-256|esp-des|esp-null] [esp-md5-hmac|esp-sha-hmac]

crypto map <CRYPTO-MAP-TAG> <1-1000> [ipsec-isakmp {dynamic}|ipsec-manual]

crypto pki import crl <TRUSTPOINT-NAME> <URL> <1-168>

security-association

Configures the IPSec SA parameters

lifetime [kilobytes|seconds]

Defines the IPSec SA lifetime (in kilobytes and/or seconds). Both a kilobyte value and a seconds value can be
set; whichever limit is reached first ends the SA. When the SA lifetime ends, the SA is renegotiated as a
security measure.

kilobytes – Specifies a volume-based key duration (minimum is 500 KB and maximum is
2147483646 KB)

<500-2147483646> – Specify a value from 500 - 2147483646 KB.

seconds – Specifies a time-based key duration (minimum is 120 seconds and maximum is 86400
seconds)

<120-86400> – Specify a value from 120 - 86400 seconds.

The security association lifetime can be overridden under crypto maps.

ipsec

Configures the IPSec policy parameters

transform-set <TRANSFORM-SET-TAG>

Defines the transform set configuration (authentication and encryption) for securing data

<TRANSFORM-SET-TAG> – Specify the transform set name.

Specify the transform set used by the IPSec transport connection to negotiate the transform algorithm.

esp-3des

Configures the ESP transform using 3DES cipher (168 bits). The transform set is assigned to a crypto map
using the map’s set transform-set command.

esp-aes

Configures the ESP transform using Advanced Encryption Standard (AES) cipher. The transform set is
assigned to a crypto map using the map’s set transform-set command.

esp-aes-192

Configures the ESP transform using AES cipher (192 bits). The transform set is assigned to a crypto map
using the map’s set transform-set command.

esp-aes-256

Configures the ESP transform using AES cipher (256 bits). The transform set is assigned to a crypto map
using the map’s set transform-set command.

esp-des

Configures the ESP transform using Data Encryption Standard (DES) cipher (56 bits). The transform set is
assigned to a crypto map using the map’s set transform-set command.

esp-null

Configures the ESP transform with no encryption

{esp-md5-hmac|esp-sha-hmac}

The following keywords are common to all transform sets:

esp-md5-hmac – Configures ESP transform using HMAC-MD5 authentication

esp-sha-hmac – Configures ESP transform using HMAC-SHA authentication

map <CRYPTO-MAP-TAG>

Configures the crypto map, a software configuration entity that selects data flows that require security
processing. The crypto map also defines the policy for these data flows.

<CRYPTO-MAP-TAG> – Specify a name for the crypto map. The name should not exceed 32
characters. For crypto map configuration commands, see crypto-map-config-commands.

<1-1000>

Defines the crypto map entry sequence. Specify a value from 1 - 1000.

ipsec-isakmp {dynamic}

Configures IPSec with ISAKMP.

dynamic – Optional. Configures dynamic map entry (remote VPN configuration) for XAUTH with
mode-config or ipsec-l2tp configuration

ipsec-manual

Configures IPSec with manual keying. Remote configuration is not allowed for a manual crypto map.

pki

Configures certificate parameters. The Public Key Infrastructure (PKI) protocol creates encrypted public
keys using digital certificates from certificate authorities.

import

Imports a trustpoint related configuration
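
The following Python check is an added example, not part of the Brocade guide. It reads saved configuration text and reports `crypto ipsec transform-set` and `crypto map` lines that fall outside the syntax documented above or that an assumed review policy flags. The policy in `FLAGGED`, the function name `audit` and the sample tags are assumptions made for the example.

```python
import re

# Keywords from the transform-set syntax documented on this page.
ENCRYPTION = {"esp-3des", "esp-aes", "esp-aes-192", "esp-aes-256", "esp-des", "esp-null"}
INTEGRITY = {"esp-md5-hmac", "esp-sha-hmac"}
# Assumed review policy (not from the guide): documented keywords to flag.
FLAGGED = {
    "esp-null": "no encryption",
    "esp-des": "56-bit DES",
    "esp-3des": "3DES, legacy cipher",
    "esp-md5-hmac": "HMAC-MD5, legacy hash",
    "ipsec-manual": "manual keying",
}
TS_RE = re.compile(r"^\s*crypto\s+ipsec\s+transform-set\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
MAP_RE = re.compile(
    r"^\s*crypto\s+map\s+(\S+)\s+(\d+)\s+(ipsec-isakmp(?:\s+dynamic)?|ipsec-manual)\s*$")

def audit(config_text):
    """Return (tag, value, reason) findings for transform-set and crypto map lines."""
    findings = []
    for line in config_text.splitlines():
        ts = TS_RE.match(line)
        if ts:
            tag, enc, auth = ts.groups()
            for kw, allowed in ((enc, ENCRYPTION), (auth, INTEGRITY)):
                if kw not in allowed:
                    findings.append((tag, kw, "keyword not in documented syntax"))
                elif kw in FLAGGED:
                    findings.append((tag, kw, FLAGGED[kw]))
            continue
        cm = MAP_RE.match(line)
        if cm:
            tag, seq, mode = cm.groups()
            if len(tag) > 32:
                findings.append((tag, tag, "name exceeds 32 characters"))
            if not 1 <= int(seq) <= 1000:
                findings.append((tag, seq, "sequence outside 1-1000"))
            if mode in FLAGGED:
                findings.append((tag, mode, FLAGGED[mode]))
    return findings

# Constructed sample configuration; all tag names are made up for the example.
SAMPLE = """\
crypto ipsec transform-set TS-BRANCH esp-aes-256 esp-sha-hmac
crypto ipsec transform-set TS-LEGACY esp-des esp-md5-hmac
crypto ipsec transform-set TS-DEBUG esp-null esp-sha-hmac
crypto ipsec transform-set TS-TYPO esp-aes-512 esp-sha-hmac
crypto map MAP-HQ 10 ipsec-isakmp
crypto map MAP-OLD 1001 ipsec-manual
"""
```
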
