Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

53-1002746-01

ipSecConfig

-ipsec ah | esp

Specifies the IPSec protocol. Encapsulating Security Payload (ESP) provides
confidentiality, data integrity and data source authentication of IP packets,
and protection against replay attacks. Authentication Header (AH) provides
data integrity, data source authentication, and protection against replay
attacks but, unlike ESP, does not provide confidentiality.

-action discard | bypass | protect

Specifies the IPSec protection type applied to the traffic flows.

-direction in | out

Specifies traffic flow direction as inbound or outbound.

-mode tunnel | transport

Specifies the IPSec mode. In tunnel mode, the IP datagram is fully
encapsulated by a new IP datagram using the IPSec protocol. In transport
mode, only the payload of the IP datagram is handled by the IPSec protocol;
it inserts the IPSec header between the IP header and the upper-layer
protocol header.

-enc algorithm

Specifies the encryption algorithm. Valid encryption algorithms include the
following:

3des_cbc

3DES algorithm

null_enc

Null encryption algorithm (cleartext)

-auth algorithm

Specifies the authentication algorithm. Valid authentication algorithms include
the following:

hmac_md5

MD5 algorithm

hmac_sha1

SHA1 algorithm

-enc-key number

Specifies the encryption key. This is a user-generated key whose length
depends on the encryption algorithm. Use the Linux random key generator or
any other comparable third-party utility to generate the manual SA keys.
Refer to the Fabric OS Administrator's Guide for details.

A 192-bit value for the 3des_cbc encryption algorithm, for example,
0x96358c90783bbfa3d7b196ceabe0536b

A zero-bit value for the null_enc encryption algorithm.

-auth-key number

Specifies the authentication key. This is a user-generated key whose length
depends on the authentication algorithm. Valid keys include the following:

A 128-bit value for the hmac_md5 authentication algorithm.

A 160-bit value for the hmac_sha1 authentication algorithm.
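
The following shell sketch is an added example, not part of the Fabric OS manual. It generates manual SA keys of the lengths listed for -enc-key and -auth-key and checks a hex key against the length its algorithm requires. It assumes /dev/urandom as the Linux random source, and the function names key_bits, gen_key and check_key are hypothetical.

```shell
#!/bin/sh
# Added example: generate and length-check manual SA keys for the
# algorithms listed on this page. Function names are hypothetical.

# Key length in bits required by each algorithm, as stated on this page.
key_bits() {
    case "$1" in
        3des_cbc)  echo 192 ;;
        null_enc)  echo 0 ;;
        hmac_md5)  echo 128 ;;
        hmac_sha1) echo 160 ;;
        *) return 1 ;;
    esac
}

# Print a random key of the right length for algorithm $1 as 0x-prefixed hex.
gen_key() {
    bits=$(key_bits "$1") || { echo "unknown algorithm: $1" >&2; return 1; }
    [ "$bits" -eq 0 ] && return 0   # null_enc takes a zero-bit key
    printf '0x'
    head -c $((bits / 8)) /dev/urandom | od -An -v -tx1 | tr -d ' \n'
    echo
}

# Succeed only if key $2 is hex of exactly the length algorithm $1 requires.
check_key() {
    bits=$(key_bits "$1") || return 1
    hex=${2#0x}
    case "$hex" in *[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( ${#hex} * 4 )) -eq "$bits" ]
}

# Demo: one key per keyed algorithm, then the sample value printed above.
for alg in 3des_cbc hmac_md5 hmac_sha1; do
    printf '%-10s %s\n' "$alg" "$(gen_key "$alg")"
done
sample=0x96358c90783bbfa3d7b196ceabe0536b
check_key 3des_cbc "$sample" ||
    echo "sample value is $(( (${#sample} - 2) * 4 )) bits, not 192"
```

The sample value printed under -enc-key is 32 hexadecimal digits, which is 128 bits, so it does not pass the 192-bit check for 3des_cbc.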

The following operands are optional:

tunnel-local ipaddress

Specifies the local tunnel IPv4 or IPv6 address.

tunnel-remote ipaddress

Specifies the peer tunnel IPv4 or IPv6 address.
