Technical data

Fabric OS FCIP Administrator’s Guide
53-1002474-01
IPsec implementation over FCIP
Creating an IKE and IPsec policy
For a complete description of the policy command, refer to the Fabric OS Command Reference
Manual.
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the policy command to create IKE and IPsec policies:
policy --create type number [-enc encryption_method] [-auth authentication_algorithm] [-pfs off|on] [-dh DH_group] [-seclife secs]
The following example shows how to create IKE policy number 10 using 3DES encryption, MD5
authentication, and Diffie-Hellman Group 1:
switch:admin> policy --create ike 10 -enc 3des -auth md5 -dh 1
For full details on syntax and using this command, refer to the Fabric OS Command Reference
Manual.
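The following Python linter is an added example, not part of the guide or of Fabric OS. It checks a policy --create line against the option list in the syntax above and the limits in Table 12 on this page, and reports the settings used in the guide's example (3DES, MD5, Diffie-Hellman Group 1) as weak. The function name lint_policy_create and the contents of the WEAK set are assumptions of this example.

```python
import shlex

# Limits come from Table 12 on this page; the WEAK set is this example's own policy.
SECLIFE_MIN, SECLIFE_MAX = 28800, 250000000
DH_BITS = {"1": 768, "14": 2048}
WEAK = {"-enc": {"3des"}, "-auth": {"md5"}, "-dh": {"1"}, "-pfs": {"off"}}
OPTIONS = {"-enc", "-auth", "-pfs", "-dh", "-seclife"}


def lint_policy_create(line):
    """Return findings ('error: ...' or 'weak: ...') for one policy --create line."""
    tokens = shlex.split(line)
    if "policy" in tokens:  # tolerate a pasted 'switch:admin>' prompt
        tokens = tokens[tokens.index("policy"):]
    if len(tokens) < 4 or tokens[:2] != ["policy", "--create"] or not tokens[3].isdigit():
        return ["error: expected 'policy --create type number [options]'"]
    ptype, rest, findings = tokens[2].lower(), tokens[4:], []
    if ptype not in ("ike", "ipsec"):
        findings.append(f"error: unknown policy type {ptype}")
    if len(rest) % 2:
        findings.append(f"error: option {rest[-1]} has no value")
    opts = dict(zip(rest[0::2], (v.lower() for v in rest[1::2])))
    for opt, val in opts.items():
        if opt not in OPTIONS:
            findings.append(f"error: unknown option {opt}")
        elif val in WEAK.get(opt, ()):
            findings.append(f"weak: {opt} {val}")
    if "-dh" not in opts:  # Table 12: Group 1 is the default
        findings.append(f"weak: -dh omitted, default is Group 1 ({DH_BITS['1']} bits)")
    elif opts["-dh"] not in DH_BITS:
        findings.append(f"error: -dh {opts['-dh']} is not a group listed in Table 12")
    if "-pfs" in opts:
        if ptype != "ike":
            findings.append("error: -pfs applies only to IKE policies")
        if opts["-pfs"] not in ("on", "off"):
            findings.append(f"error: -pfs {opts['-pfs']} must be on or off")
    if "-seclife" in opts:
        secs = opts["-seclife"]
        ok = secs.isdigit() and (int(secs) == 0 or SECLIFE_MIN <= int(secs) <= SECLIFE_MAX)
        if not ok:
            findings.append(f"error: -seclife {secs} outside 0 or {SECLIFE_MIN}-{SECLIFE_MAX}")
    return findings


if __name__ == "__main__":
    # First line is the page's example; the second is constructed for this demo.
    for cmd in ("switch:admin> policy --create ike 10 -enc 3des -auth md5 -dh 1",
                "policy --create ipsec 2 -dh 14 -pfs on -seclife 3600"):
        print(cmd, "->", lint_policy_create(cmd))
```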
Displaying IKE and IPsec policy settings
1. Connect to the switch and log in using an account assigned to the administrative role.
2. Display the settings for a single policy by entering the following command:
policy --show type number
For example, to view the IPsec 1 policy, enter the following command:
policy --show ipsec 1
3. Display the policy settings for all defined policies by entering the following command:
policy --show type all
For full details on syntax and using this command, refer to the Fabric OS Command Reference
Manual.
Deleting an IKE and IPsec policy
Policies cannot be modified. You must delete and then recreate a policy with the new parameters.
1. Connect to the switch and log in using an account assigned to the admin role.
TABLE 12 Modifiable policy parameters (Continued)

Parameter                                   Description
Security Association lifetime in seconds    Security association lifetime in seconds. A new key is renegotiated before seconds expires. seconds must be between 28800 and 250000000, or 0. The default is 28800.
PFS (Perfect Forward Secrecy)               Applies only to IKE policies. Choices are On/Off and default is On.
Diffie-Hellman group                        Group 1—768 bits (default)
                                            Group 14—2048 bits