Configuring IPsec Configuring IPsec on the OmniSwitch
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 18-17
Use the following information to determine how to create the proper key size:
• Number of Characters = Key Size (in bits) / 8; Ex. A 160-bit key would require 20 characters for the
key.
• Number of Hexidecimal = Key Size (in bits) / 4; Ex. A 160-bit key would require 40 hexidecimal
digits.
Use the no form of this command to delete the configured IPsec SA key. For example:
-> no ipsec key tcp_in_ah
Verifying IPsec SA Key
To display the encryption key values which are configured for manually configured IPsec SAs, use the
show ipsec key command For example:
-> show ipsec key sa-encryption
Encryption Keys
Name Length (bits)
--------------------+---------------
sa_1 192
sa_2 160
sa_3 64
The above command shows the number of manually configured SAs along with their encryption key
lengths in bits respectively. To display the IPsec SA keys used for authentication, use the show ipsec key
command, as shown below:
-> show ipsec key sa-authentication
Authentication Keys
Name Length (bits)
--------------------+----------------
tcp_in_ah 160
sa_1 128
sa_5 160
The above command shows the number of manually configured SAs along with their authentication key
lengths in bits respectively.
HMAC-SHA1 160 Bits
AES-XCBC-MAC 128 Bits
Note. The name parameter must be the same as the name of the manually configured IPsec SA
. Also, the
combination of the key name and type must be unique.
Note. Due to security reasons, key values will not be displayed; only key names and key lengths will be
displayed.
Algorithm Key Length
To Next Page
Loading...
