Brocade Communications Systems RFS7000 Network Router User Manual


  Open as PDF
of 839
 
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 235
53-1001931-01
Global Configuration commands
5
Parameters
ipsec (security-association|
transform-set)
Configures IPSEC policies.
security-association – Defines the security association
parameter used to define its lifetime
lifetime (kilobyte | seconds) – The lifetime of IPSEC
security association. It can be defined in either:
kilobytes – Volume-based key duration, the minimum is
500 KB and maximum is 2147483646 KB .
seconds – Time-based key duration, the minimum is 90
seconds and maximum is 2147483646 seconds
transform-set [set name] – Uses the crypto ipsec
transform-set command to define the transform
configuration (authentication and encryption) for securing
data
ah-md5-hmac
ah-sha-hmac
esp-3des
esp-aes
esp-aes-192
esp-aes-256
esp-des
esp-md5-hmac
esp-sha-hmac
The transform-set is then assigned to a crypto map using the
map’s set transform-set command. For more information, see
Crypto-map Instance on page 371
isakmp
[client|keepalive|key|
peer|policy]
Configures the Internet Security Association and Key
Management Protocol (ISAKMP) policy.
client configuration (group) (default) – Leads to the
config-cryptogroup instance.
For more details see Crypto-group Instance on page 341
keepalive <10-3600> – Sets a keepalive interval for use with
remote peers. It defines the number of seconds between
DPD messages
key [0 <key>|2 <key>|<key>] [address|hostname] – Sets a
pre-shared key for remote peer
0 <key> – Password is specified unencrypted
2 <key> – Password is encrypted with
password-encryption secret
<key> – User provided password
address – Defines a shared key with an
IP address
hostname – Defines the shared key with a hostname
peer [address|dn|hostname] – Sets the remote peer
address – The IP address is the identity of the remote
peer
dn – The identity of the remote peer is the distinguished
name
hostname –The hostname is the identity of the remote
peer
policy <1-10000> – Sets a policy for a ISAKMP protection
suite
 previous next