HP StorageWorks Fabric OS 6.1.1 administrator guide (5697-0235, December 2009)

The parameters listed in Table 88 can be modified:
Managing policies
Use the policy command to create, delete, and show IKE and IPSec policies.
To create a new policy:
1. Log in to the switch as admin.
2. Issue the policy command to create IKE and IPSec policies:
   policy --create type number [-enc encryption_method] [-auth authentication_algorithm] [-pfs off|on] [-dh DH_group] [-seclife secs]
where:
Table 88 Modifiable policy parameters

Parameter                                  Description
Encryption Algorithm                       3DES—168-bit key
                                           AES-128—128-bit key (default)
                                           AES-256—256-bit key
Authentication Algorithm                   SHA-1—Secure Hash Algorithm (default)
                                           MD5—Message Digest 5
                                           AES-XCBC—Used only for IPSec
Security Association lifetime in seconds   The lifetime in seconds of the security association.
                                           A new key is renegotiated before the lifetime expires.
                                           Seconds must be between 28800 and 250000000, or 0.
                                           Default is 28800 sec.
PFS (Perfect Forward Secrecy)              Applies only to IKE policies. Choices are On/Off;
                                           default is On.
Diffie-Hellman group                       Group 1—768 bits (default)
                                           Group 14—2048 bits
type and number            The type of policy being created (IKE or IPSec) and the number for
                           this type of policy. To easily determine how many policies have
                           been created, consider using sequential numbering. The range of
                           valid values is any whole number from 1 through 32.
encryption_method          The supported type of encryption. Valid options are 3DES,
                           AES-128, and AES-256. AES-128 is the default.
authentication_algorithm   The authentication algorithm. Valid options are SHA-1, MD5, and
                           AES-XCBC (IPSec only). SHA-1 is the default.
DH_group                   The Diffie-Hellman group. Supported groups are Group 1 and
                           Group 14. Group 1 is the default.
secs                       The security association lifetime in seconds. 28800 is the default.
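
The limits in Table 88 and the parameter list above can be checked before a policy is created on the switch. The following Python check is an added example, not part of the HP guide or of Fabric OS; the function name check_policy, the choice to treat the guide's "only" restrictions as errors, and the review flags for 3DES, MD5 and the 768-bit Group 1 are assumptions of this example based on general cryptographic guidance.

```python
# Added example: validate proposed "policy --create" values against the
# limits in Table 88 before logging in to the switch. Not Fabric OS code.
ENCRYPTION = {"3DES", "AES-128", "AES-256"}
AUTHENTICATION = {"SHA-1", "MD5", "AES-XCBC"}
DH_GROUP_BITS = {1: 768, 14: 2048}
SECLIFE_MIN, SECLIFE_MAX = 28800, 250000000
# Assumption of this example (general guidance, not the guide): review these.
LEGACY = {"3DES", "MD5"}


def check_policy(ptype, number, enc="AES-128", auth="SHA-1",
                 pfs=None, dh=1, seclife=28800):
    """Return (errors, warnings); defaults mirror the guide's defaults."""
    errors, warnings = [], []
    kind = ptype.upper()
    if kind not in ("IKE", "IPSEC"):
        errors.append("type must be IKE or IPSec")
    if type(number) is not int or not 1 <= number <= 32:
        errors.append("number must be a whole number from 1 through 32")
    if enc not in ENCRYPTION:
        errors.append(f"unsupported encryption method: {enc}")
    if auth not in AUTHENTICATION:
        errors.append(f"unsupported authentication algorithm: {auth}")
    elif auth == "AES-XCBC" and kind == "IKE":
        errors.append("AES-XCBC is used only for IPSec")
    if pfs is not None:
        if kind == "IPSEC":
            errors.append("PFS applies only to IKE policies")
        elif pfs not in ("on", "off"):
            errors.append("pfs must be on or off")
    if dh not in DH_GROUP_BITS:
        errors.append("DH group must be 1 or 14")
    elif DH_GROUP_BITS[dh] < 2048:
        warnings.append(f"DH group {dh} is only {DH_GROUP_BITS[dh]} bits")
    if seclife != 0 and not SECLIFE_MIN <= seclife <= SECLIFE_MAX:
        errors.append("seclife must be 0 or 28800 to 250000000 seconds")
    for name in (enc, auth):
        if name in LEGACY:
            warnings.append(f"{name} is a legacy algorithm")
    return errors, warnings


if __name__ == "__main__":
    # Constructed inputs: the guide's defaults, then a stronger IKE policy.
    print(check_policy("IKE", 1))
    print(check_policy("IKE", 2, enc="AES-256", dh=14, pfs="on"))
```

Run with the guide's defaults, the check passes but warns that the default Diffie-Hellman group is Group 1 at 768 bits.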