Brocade Communications Systems RFS6000 User Manual
Page 237
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
235
53-1001931-01
Global Configuration commands
5
Parameters
ipsec (security-association|
transform-set)
Configures IPSEC policies.
•
security-association – Defines the security association
parameter used to define its lifetime
•
lifetime (kilobyte | seconds) – The lifetime of IPSEC
security association. It can be defined in either:
kilobytes – Volume-based key duration, the minimum is
500 KB and maximum is 2147483646 KB .
seconds – Time-based key duration, the minimum is 90
seconds and maximum is 2147483646 seconds
•
transform-set [set name] – Uses the crypto ipsec
transform-set command to define the transform
configuration (authentication and encryption) for securing
data
•
ah-md5-hmac
•
ah-sha-hmac
•
esp-3des
•
esp-aes
•
esp-aes-192
•
esp-aes-256
•
esp-des
•
esp-md5-hmac
•
esp-sha-hmac
The transform-set is then assigned to a crypto map using the
map’s set transform-set command. For more information, see
Crypto-map Instance on page 371
isakmp
[client|keepalive|key|
peer|policy]
Configures the Internet Security Association and Key
Management Protocol (ISAKMP) policy.
•
client configuration (group) (default) – Leads to the
config-cryptogroup instance.
For more details see
Crypto-group Instance on page 341
•
keepalive <10-3600> – Sets a keepalive interval for use with
remote peers. It defines the number of seconds between
DPD messages
•
key [0
pre-shared key for remote peer
•
0
•
2
password-encryption secret
•
•
address – Defines a shared key with an
IP address
•
hostname – Defines the shared key with a hostname
•
peer [address|dn|hostname] – Sets the remote peer
•
address – The IP address is the identity of the remote
peer
•
dn – The identity of the remote peer is the distinguished
name
•
hostname –The hostname is the identity of the remote
peer
•
policy <1-10000> – Sets a policy for a ISAKMP protection
suite