Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series Controller AOS

331

332

333

334

335

336

337

338

339

340

Policy

Name

Policy

Number

IKE

Version

Encryption

Algorithm

Hash

Algorithm

Authentica

-tion

Method

PRF

Method

Diffie-

Hellman

Group

Default

IKEv2

RSA

protectio

n suite

1006 IKEv2 AES - 128 SHA 96 RSA

Signature

hmac-

sha1

2 (1024

bit)

Default

IKEv2

PSK

protectio

n suite

10007 IKEv2 AES - 128 SHA 96 Pre-shared

key

hmac-

sha1

2 (1024

bit)

Default

Suite-B

128bit

ECDSA

protectio

n suite

10008 IKEv2 AES - 128 SHA 256-

128

ECDSA-256

Signature

hmac-

sha2-

256

Random

ECP

Group

(256 bit)

Default

Suite-B

256 bit

ECDSA

protectio

n suite

10009 IKEv2 AES -256 SHA 384-

192

ECDSA-384

Signature

hmac-

sha2-

384

Random

ECP

Group

(384 bit)

Default

Suite-B

128bit

IKEv1

ECDSA

protectio

n suite

10010 IKEv1 AES-GCM-

128

SHA 256-

128

ECDSA-256

Signature

hmac-

sha2-

256

Random

ECP

Group

(256 bit)

Default

Suite-B

256-bit

IKEv1

ECDSA

protectio

n suite

10011 IKEv1 AES-GCM-

256

SHA 256-

128

ECDSA-256

Signature

hmac-

sha2-

256

Random

ECP

Group

(256 bit)

When using a default IKE (V1 or V2) policy for an IPsec map, the priority number should be the same as the policy

number.

Examples

The following commands configures site-to-site VPN between two controllers:

(host) (config) #crypto-local ipsec-map sf-chi-vpn 100

src-net 101.1.1.0 255.255.255.0

dst-net 100.1.1.0 255.255.255.0

peer-ip 172.16.0.254

vlan 1

trusted

Dell Networking W-Series ArubaOS 6.4.x | User Guide crypto-local ipsec-map | 332