beautypg.com

Dell POWEREDGE M1000E User Manual

Page 511

background image

Fabric OS Command Reference

483

53-1002746-01

ipSecConfig

2

-tag name

Specifies a name for the SA. This is a user-generated name. The name must
be between 1 and 32 characters in length, and may include alphanumeric
characters, dashes (-), and underscores (_). This operand is required.

-protocol ah | esp

Specifies the IPSec protocol. Encapsulating Security Payload (ESP)
provides confidentiality, data integrity and data source authentication of IP
packets, and protection against replay attacks. Authentication Header (AH)
provides data integrity, data source authentication, and protection against
replay attacks but, unlike ESP, does not provide confidentiality. This operand
is required.

-auth algorithm

Specifies the authentication algorithm. This operand is required. Valid
algorithms include the following:

hmac_md5

MD5 authentication algorithm

hmac_sha1

SHA1 authentication algorithm

-enc algorithm

Specifies the encryption algorithm. This operand is required. Valid algorithms
include the following:

3des_cbc

3DES encryption algorithm

blowfish_cbc

Blowfish encryption algorithm

null_enc

Null encryption algorithm

aes256_cb

AES-256 algorithm

-spi number

Specifies the security parameter index (SPI) for the SA. This is a user-defined
index. Valid SPI numbers consist of numeric characters (0-9). This operand is
optional.

policy ike

Creates or modifies an IKE policy configuration. No subtype is required with this
command. The command defines the following IKE policy parameters: IKE
version, IP address of the remote entity, IP address of the local entity, encryption
algorithm, hash algorithm, PRF algorithm, DH group, authentication method, path
and filename of the preshared key. The syntax is as follows: ipsecConfig --add |
--modify ike arguments.

arguments

Valid arguments for policy ike include the following:

-tag name

Specifies a name for the IKE policy. This is a user-generated name. The
name must be between 1 and 32 characters in length, and may include
alphanumeric characters, dashes (-), and underscores (_). This operand is
required.

remote IP_address[/prefixlength]

Specifies the peer IPv4 or IPv6 address and prefix.