
Dell POWEREDGE M1000E User Manual


Fabric OS Command Reference


53-1001764-02

ipSecConfig


-ltbyte number

Specifies the SA proposal’s lifetime in bytes. The SA expires after the
specified number of bytes have been transmitted. This operand is
optional.

sa

Defines the Security Association. An SA specifies the IPSec protocol (AH
or ESP), the algorithms used for encryption and authentication, and the
expiration definitions used in security associations of the traffic. IKE uses
these values in negotiations to create IPSec SAs.

You cannot modify an SA once it is created. Use ipsecConfig --flush
manual-sa to remove all SA entries from the kernel SA database (SADB)
and start over.

-tag name

Specifies a name for the SA. This is a user-generated name. The name
must be between 1 and 32 characters in length, and may include
alphanumeric characters, dashes (-), and underscores (_). This operand
is required.

-protocol ah|esp

Specifies the IPSec protocol. Encapsulating Security Payload (ESP)
provides confidentiality, data integrity and data source authentication of
IP packets, and protection against replay attacks. Authentication Header
(AH) provides data integrity, data source authentication, and protection
against replay attacks but, unlike ESP, does not provide confidentiality.
This operand is required.

-auth algorithm

Specifies the authentication algorithm. This operand is required. Valid
algorithms include:

hmac_md5 - MD5 authentication algorithm

hmac_sha1 - SHA1 authentication algorithm

-enc algorithm

Specifies the encryption algorithm. This operand is required. Valid
algorithms include:

3des_cbc - 3DES encryption algorithm

blowfish_cbc - Blowfish encryption algorithm

null_enc - Null encryption algorithm

aes256_cbc - AES-256 algorithm

-spi number

Specifies the security parameter index (SPI) for the SA. This is a
user-defined index. Valid SPI numbers consist of numeric characters
(0-9). This operand is optional.
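
Because an SA cannot be modified once it is created, it is worth checking the operands before they are entered. The following pre-flight check is an added example, not part of the Fabric OS manual; it applies the operand rules listed above. The `check_sa` function, the dictionary layout, the sample values, and the `WEAK` policy table are assumptions made for illustration.

```python
import re

# Operand rules as stated in the command reference text above.
TAG_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
PROTOCOLS = {"ah", "esp"}
AUTH_ALGS = {"hmac_md5", "hmac_sha1"}
ENC_ALGS = {"3des_cbc", "blowfish_cbc", "null_enc", "aes256_cbc"}
REQUIRED = ("tag", "protocol", "auth", "enc")

# Assumption (reviewer policy, not from the manual): valid but weak choices.
WEAK = {
    "hmac_md5": "legacy MD5-based HMAC; prefer hmac_sha1 from this list",
    "3des_cbc": "64-bit block cipher; prefer aes256_cbc",
    "blowfish_cbc": "64-bit block cipher; prefer aes256_cbc",
    "null_enc": "no encryption, so ESP gives no confidentiality",
}


def check_sa(sa):
    """Return (errors, warnings) for a dict of SA operands keyed by name."""
    errors, warnings = [], []
    for key in REQUIRED:
        if not sa.get(key):
            errors.append(f"-{key} is required")
    tag = sa.get("tag")
    if tag and not TAG_RE.fullmatch(tag):
        errors.append("-tag must be 1-32 chars of [A-Za-z0-9_-]")
    for key, allowed in (("protocol", PROTOCOLS), ("auth", AUTH_ALGS), ("enc", ENC_ALGS)):
        value = sa.get(key)
        if value and value not in allowed:
            errors.append(f"-{key} {value!r} is not a listed value")
        elif value in WEAK:
            warnings.append(f"-{key} {value}: {WEAK[value]}")
    spi = sa.get("spi")  # optional operand
    if spi is not None and not re.fullmatch(r"[0-9]+", str(spi)):
        errors.append("-spi must consist of digits 0-9")
    return errors, warnings


# Constructed sample SA definitions (not taken from the manual).
SAMPLES = [
    {"tag": "ESP_AES-01", "protocol": "esp", "auth": "hmac_sha1", "enc": "aes256_cbc", "spi": "256"},
    {"tag": "bad tag!", "protocol": "esp", "auth": "hmac_md5", "enc": "null_enc", "spi": "0x100"},
]

if __name__ == "__main__":
    for sa in SAMPLES:
        print(sa.get("tag"), check_sa(sa))
```

Errors mark operand sets that violate the documented rules; warnings mark sets that are valid per the list above but that a reviewer may want to reject.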