IPsec Specifications Configuring IPsec
page 18-2 OmniSwitch AOS Release 7 Network Configuration Guide June 2013
IPsec Specifications

| Specification | Value |
|---|---|
| Platforms Supported | OmniSwitch 10K, 6900 |
| IP Version Supported | IPv6 |
| RFCs Supported | 4301 - Security Architecture for the Internet Protocol; 4302 - IP Authentication Header (AH); 4303 - IP Encapsulating Security Payload (ESP); 4305 - Cryptographic Algorithm Implementation Requirements for ESP and AH; 4308 - Cryptographic Suites for IPsec |
| Encryption Algorithms Supported for ESP | NULL, 3DES-CBC, and AES-CBC |
| Key lengths supported for Encryption Algorithms | 3DES-CBC - 192 bits; AES-CBC - 128, 192, or 256 bits |
| Authentication Algorithms Supported for AH | HMAC-SHA1-96, HMAC-MD5-96, and AES-XCBC-MAC-96 |
| Key lengths supported for Authentication Algorithms | HMAC-MD5 - 128 bits; HMAC-SHA1 - 160 bits; AES-XCBC-MAC - 128 bits |
| Master Security Key formats | Hexadecimal (16 bytes) or String (16 characters) |
| Priority value range for IPsec Policy | 1 - 1000 (1=highest priority, 1000=lowest priority) |
| Index value range for IPsec Policy Rule | 1 - 10 |
| SPI Range | 256 - 999999999 |
| Modes Supported | Transport |

IPsec Defaults
The following table shows the default settings of the configurable IPsec parameters.

| Parameter Description | Command | Default Value/Comments |
|---|---|---|
| IPsec global status (A license file must be present on the switch) | | Disabled |
| Master security key for the switch | ipsec security-key | No master security key set |
| IPsec policy priority | ipsec policy | 100 |
| IPsec security policy status | ipsec policy | Disabled |
| IPsec discard policy status | ipsec policy | Enabled |
| IPsec SA status | ipsec sa | Disabled |
| Key length AES-CBC | ipsec sa | 128 bits |