Reference Guide

444 Brocade Fabric OS Command Reference
53-1004112-02
ipSecConfig
sa-proposal
Defines the security association (SA) proposal, including its name, the SAs to be included,
and the lifetime of the proposal. The following operands are supported:
-tag name
Specifies a name for the SA proposal. This is a user-generated name. The name must
be between 1 and 32 characters in length, and may include alphanumeric characters,
dashes (-), and underscores (_).
-sa name[,name]
Specifies the SAs to include in the SA proposal. The bundle consists of one or two SA
names, separated by commas. For SA bundles, [AH, ESP] is the supported
combination. The SAs must be created prior to being included in the SA proposal. This
operand is required.
-lttime number
Specifies the SA proposal's lifetime in seconds. This operand is optional. If a lifetime is
not specified, the SA does not expire. If lifetime is specified both in seconds and in
bytes, the SA expires when the first expiration criterion is met.
-ltbyte number
Specifies the SA proposal's lifetime in bytes. The SA expires after the specified
number of bytes have been transmitted. This operand is optional.
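The operand rules above (tag format, the one- or two-SA bundle with [AH, ESP] as the only two-SA combination, SAs created before the proposal, and expiry on whichever lifetime criterion is met first) can be modelled as a small validator. This is an added example, not code from the Fabric OS reference or from the switch; the SecurityAssociation and SAProposal classes and the add_sa_proposal function are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# -tag: 1 to 32 characters, alphanumerics, dashes (-) and underscores (_)
TAG_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


@dataclass(frozen=True)            # frozen: an SA cannot be modified once created
class SecurityAssociation:         # hypothetical model of an 'sa' entry
    tag: str
    protocol: str                  # "ah" or "esp"


@dataclass
class SAProposal:                  # hypothetical model of an 'sa-proposal' entry
    tag: str
    sas: tuple                     # one or two SecurityAssociation objects
    lttime: Optional[int] = None   # -lttime in seconds, None = not specified
    ltbyte: Optional[int] = None   # -ltbyte in bytes, None = not specified

    def expired(self, elapsed_s: int, sent_bytes: int) -> bool:
        """Expire when the first specified criterion is met; never if neither is set."""
        by_time = self.lttime is not None and elapsed_s >= self.lttime
        by_bytes = self.ltbyte is not None and sent_bytes >= self.ltbyte
        return by_time or by_bytes


def add_sa_proposal(sadb: dict, tag: str, sa_names: list,
                    lttime: Optional[int] = None, ltbyte: Optional[int] = None) -> SAProposal:
    """Apply the sa-proposal operand checks; sadb maps existing SA tags to SAs."""
    if not TAG_RE.match(tag):
        raise ValueError(f"-tag {tag!r}: must be 1-32 alphanumerics, dashes or underscores")
    if not 1 <= len(sa_names) <= 2:
        raise ValueError("-sa: a bundle consists of one or two SA names")
    missing = [n for n in sa_names if n not in sadb]
    if missing:
        raise ValueError(f"-sa: SA(s) {missing} must be created before the proposal")
    sas = tuple(sadb[n] for n in sa_names)
    if len(sas) == 2 and sorted(sa.protocol for sa in sas) != ["ah", "esp"]:
        raise ValueError("-sa: [AH, ESP] is the only supported two-SA bundle")
    return SAProposal(tag, sas, lttime, ltbyte)


if __name__ == "__main__":
    # constructed sample SADB with one AH and one ESP security association
    sadb = {"ah1": SecurityAssociation("ah1", "ah"), "esp1": SecurityAssociation("esp1", "esp")}
    prop = add_sa_proposal(sadb, "bundle-1", ["ah1", "esp1"], lttime=3600, ltbyte=10**9)
    print(prop.expired(3600, 0), prop.expired(0, 10**9), prop.expired(10, 10))
```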
sa
Defines a security association (SA). An SA specifies the IPSec protocol (AH or ESP), the
algorithms used for encryption and authentication, and the expiration settings applied to
the security associations that protect the traffic. IKE uses these values in negotiations
to create IPSec SAs.
You cannot modify an SA once it is created. Use ipsecConfig --flush manual-sa to
remove all SA entries from the kernel SA database (SADB) and start over.
-tag name
Specifies a name for the SA. This is a user-generated name. The name must be
between 1 and 32 characters in length, and may include alphanumeric characters,
dashes (-), and underscores (_). This operand is required.
-protocol ah | esp
Specifies the IPSec protocol. Encapsulating Security Payload (ESP) provides
confidentiality, data integrity and data source authentication of IP packets, and
protection against replay attacks. Authentication Header (AH) provides data integrity,
data source authentication, and protection against replay attacks but, unlike ESP, does
not provide confidentiality. This operand is required.
-auth algorithm
Specifies the authentication algorithm. This operand is required. Valid algorithms
include the following:
hmac_md5
MD5 authentication algorithm
hmac_sha1
SHA1 authentication algorithm