Dell POWEREDGE M1000E User Manual
Fabric OS Command Reference
53-1001764-02
ipSecConfig
-ipsec ah|esp
Specifies the IPSec protocol. Encapsulating Security Payload (ESP)
provides confidentiality, data integrity and data source authentication of
IP packets, and protection against replay attacks. Authentication Header
(AH) provides data integrity, data source authentication, and protection
against replay attacks but, unlike ESP, does not provide confidentiality.
-action discard|bypass|protect
Specifies the IPSec protection type regarding the traffic flows.
-direction in|out
Specifies traffic flow direction as inbound or outbound.
-mode tunnel|transport
Specifies the IPSec mode. In tunnel mode, the IP datagram is fully
encapsulated by a new IP datagram using the IPSec protocol. In transport
mode, only the payload of the IP datagram is handled by the IPSec
protocol; it inserts the IPSec header between the IP header and the
upper-layer protocol header.
-enc algorithm
Specifies the encryption algorithm. Valid encryption algorithms include
the following:
• 3des_cbc - 3DES algorithm
• null_enc - Null encryption algorithm (cleartext)
-auth algorithm
Specifies the authentication algorithm. Valid authentication algorithms
include the following:
• hmac_md5 - MD5 algorithm
• hmac_sha1 - SHA1 algorithm
-enc-key number
Specifies the encryption key. This is a user-generated key whose length
depends on the encryption algorithm. Use the Linux random key generator
or any other comparable third-party utility to generate the manual SA
keys. Refer to the Fabric OS Administrator’s Guide for details.
• A 192-bit value for the 3des_cbc encryption algorithm, for example,
0x96358c90783bbfa3d7b196ceabe0536b
• A zero-bit value for the null_enc encryption algorithm.
-auth-key number
Specifies the authentication key. This is a user-generated key whose
length depends on the authentication algorithm.
• A 128-bit value for the hmac_md5 authentication algorithm.
• A 160-bit value for the hmac_sha1 authentication algorithm.
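The shell functions below are an added example, not part of the Fabric OS documentation: they generate manual SA keys from /dev/urandom and check a key's length against the sizes listed above for the -enc-key and -auth-key operands. The function names are hypothetical, and the 0x-prefixed hexadecimal output format is an assumption based on the sample value shown on this page.

```shell
#!/bin/sh
# Added example. Key sizes are taken from the operand descriptions above;
# sa_key_bits, gen_sa_key and check_sa_key are hypothetical helper names.

# Map an algorithm name to the key length in bits listed on this page.
sa_key_bits() {
    case "$1" in
        3des_cbc)  echo 192 ;;
        null_enc)  echo 0 ;;
        hmac_md5)  echo 128 ;;
        hmac_sha1) echo 160 ;;
        *) echo "unknown algorithm: $1" >&2; return 1 ;;
    esac
}

# Print a random key of the required length as 0x-prefixed hex (assumed format).
gen_sa_key() {
    bits=$(sa_key_bits "$1") || return 1
    # null_enc takes a zero-bit key, so there is nothing to generate.
    if [ "$bits" -eq 0 ]; then return 0; fi
    hex=$(od -An -tx1 -N "$((bits / 8))" /dev/urandom | tr -d ' \n')
    # Refuse a short read rather than emit a truncated key.
    [ "${#hex}" -eq "$((bits / 4))" ] || return 1
    printf '0x%s\n' "$hex"
}

# Return 0 only if the key is pure hex and exactly as long as the
# algorithm requires (4 bits per hex digit).
check_sa_key() {
    bits=$(sa_key_bits "$1") || return 1
    hex=${2#0x}
    case "$hex" in *[!0-9a-fA-F]*) return 1 ;; esac
    [ "$(( ${#hex} * 4 ))" -eq "$bits" ]
}

# Usage:
#   gen_sa_key 3des_cbc     # value for -enc-key
#   gen_sa_key hmac_sha1    # value for -auth-key
#   check_sa_key hmac_md5 0x... && echo "length ok"
```

A 192-bit key is 48 hexadecimal digits; the 32-digit sample value shown for 3des_cbc is 128 bits long, so check_sa_key rejects it for that algorithm.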
The following operands are optional:
tunnel-local ipaddress
Specifies the local tunnel IPv4 or IPv6 address.
tunnel-remote ipaddress
Specifies the peer tunnel IPv4 or IPv6 address.