Dell POWEREDGE M1000E User Manual
Page 633
Fabric OS Command Reference
601
53-1001764-02
policy
2
-dh group
Specifies the Diffie-Hellman group used in PFS negotiation. This operand is
valid only with IKE policies. The default is 1. Values include:
1
Fastest as it uses 768 bit values, but least secure.
14 Slowest as it uses 2048 bit values, but most secure.
-seclife seconds
Security association lifetime in seconds. A new key is renegotiated before the
specified length of time expires. The valid range for seconds is 28800 to
250000000 or 0. The default is 28800.
Examples
To create a new policy:
switch:admin>
policy --create ike 10 -enc 3des -auth md5
The following policy has been set:
IKE policy 10
-----------------------------------------
Authentication Algorithm: MD5
Encryption: 3DES
Perfect Forward Secrecy: 0
Diffie-Hellman Group: 1
SA Life (seconds): 28800
To display a policy setting:
switch:admin>
policy --show ipsec 1
IPSec policy 1
-----------------------------------------
Authentication Algorithm: SHA-1
Encryption: 3DES
SA Life (seconds): 28800
To display all IKE policy settings:
switch:admin>
policy --show ike all
IKE Policy 1
-----------------------------------------
Authentication Algorithm: SHA-1
Encryption: AES-128
Perfect Forward Secrecy: on
Diffie-Hellman Group: 1
SA Life (seconds): 28800
IKE Policy 29
-----------------------------------------
Authentication Algorithm: SHA-1
Encryption: AES-128
Perfect Forward Secrecy: on
Diffie-Hellman Group: 1
SA Life (seconds): 28800
Operation Succeeded