Configuring IPsec Additional Examples
OmniSwitch AOS Release 7 Network Configuration Guide June 2013 page 18-19
Additional Examples
Configuring ESP
The example below shows the commands for configuring ESP between two OmniSwitches for all TCP
traffic.
ESP Between Two OmniSwitches
Switch A
-> ipsec security-key master-key-12345
-> ipsec policy tcp_out source 3ffe::100 destination 3ffe::200 protocol tcp out
ipsec description “IPsec on TCP to 200”
-> ipsec policy tcp_in source 3ffe::200 destination 3ffe::100 protocol tcp in
ipsec description “IPsec on TCP from 200”
-> ipsec policy tcp_out rule 1 esp
-> ipsec policy tcp_in rule 1 esp
-> ipsec policy tcp_out admin-state enable
-> ipsec policy tcp_in admin-state enable
-> ipsec sa tcp_out_esp esp source 3ffe::100 destination 3ffe::200 spi 1000
encryption des-cbc authentication hmac-sha1 description “ESP to 200” admin-state
enable
-> ipsec sa tcp_in_esp esp source 3ffe::200 destination 3ffe::100 spi 1001
encryption des-cbc authentication hmac-sha1 description “ESP from 200” admin-
state enable
-> ipsec key tcp_out_esp sa-encryption 12345678
-> ipsec key tcp_out_esp sa-authentication 12345678901234567890
-> ipsec key tcp_in_esp sa-encryption 12345678
-> ipsec key tcp_in_esp sa-authentication 123456789012345678
90
Switch A
IPv6 address: 3ffe::200IPv6 address: 3ffe::100
Switch B
ESP
To Next Page
Loading...
Need help?
General