set ipsec <1-255>

Configures parameters for IPsec tunnels on the Fabric IPsec Gateway Virtual Machine (VM).

Syntax

Command Parameters

admin-state enable

Enables IPsec on the specified IPsec tunnel.

auth-key WORD <1-32>

Specifies the pre-shared authentication key.

Note

Do not use the special characters ?, \, &, <, >, or # in the authentication key.

auth-method <psk | rsasig>

Specifies the authentication type for IPsec tunnels. The default is pre-shared key (psk).

cert-subject <subject_label>

Specifies the certificate identity to use with the IPsec tunnel.

encryption-key-length <128 | 256>

Specifies the encryption key length for the IPsec tunnel. The default encryption key length is 128 bits.

fe-tunnel-dest-ip {A.B.C.D}

Specifies the destination IP address for the Fabric Extend (FE) tunnel.

ipsec-dest-ip {A.B.C.D}

Specifies the destination IP address for the IPsec tunnel.

mtu <1300-9000>

Specifies the Maximum Transmission Unit (MTU) value for the FE tunnel with both IPsec and fragmentation and assembly capabilities.

responder-only <true | false>

Specifies whether the IPsec session in the FE tunnel operates in responder-only mode or initiator mode. In responder-only mode, the FE tunnel only responds to incoming requests and does not initiate the IPsec connection. By default, both sides of the IPsec connection in the FE tunnel are initiators. Configure the IPsec tunnel in responder-only mode when there is Network Address Translation (NAT) between the two ends of the IPsec connection. For more information about NAT, see VOSS User Guide.

tunnel-name WORD <1-64>

Specifies a name for the IPsec tunnel.

Default

None.

Command Mode

Fabric IPsec Gateway Configuration

Usage Guidelines

This command does not apply to all hardware platforms. For more information about feature support, see VOSS Feature Support Matrix.
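
A pre-change check for the ranges listed under Command Parameters, as an added example that is not part of the original reference or any vendor code. It validates a planned tunnel against the documented limits and generates a 32-character auth-key that avoids the forbidden characters; the dictionary layout, the function names, and the key alphabet (letters, digits, "-", "_", ".") are assumptions.

```python
import ipaddress
import secrets
import string

# Characters the auth-key Note on this page rules out.
FORBIDDEN_KEY_CHARS = set("?\\&<>#")
# Assumption: a conservative alphabet that stays clear of the forbidden set.
KEY_ALPHABET = string.ascii_letters + string.digits + "-_."


def generate_auth_key(length=32):
    """Draw a pre-shared key from the OS CSPRNG using only permitted characters."""
    if not 1 <= length <= 32:
        raise ValueError("auth-key length must be 1-32")
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))


def check_tunnel(tunnel_id, params):
    """Return a list of violations of the ranges documented for set ipsec."""
    errors = []
    if not 1 <= tunnel_id <= 255:
        errors.append("tunnel id must be 1-255")
    key = params.get("auth-key")
    if key is not None:
        if not 1 <= len(key) <= 32:
            errors.append("auth-key must be 1-32 characters")
        bad = sorted(set(key) & FORBIDDEN_KEY_CHARS)
        if bad:
            errors.append("auth-key contains forbidden characters: " + " ".join(bad))
    if params.get("auth-method", "psk") not in ("psk", "rsasig"):
        errors.append("auth-method must be psk or rsasig")
    if params.get("encryption-key-length", 128) not in (128, 256):
        errors.append("encryption-key-length must be 128 or 256")
    mtu = params.get("mtu")
    if mtu is not None and not 1300 <= mtu <= 9000:
        errors.append("mtu must be 1300-9000")
    name = params.get("tunnel-name")
    if name is not None and not 1 <= len(name) <= 64:
        errors.append("tunnel-name must be 1-64 characters")
    for field in ("fe-tunnel-dest-ip", "ipsec-dest-ip"):
        value = params.get(field)
        if value is not None:
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                errors.append(field + " must be an IPv4 address (A.B.C.D)")
    return errors


# Constructed sample plan (documentation-range address, not from the page).
SAMPLE = {"tunnel-name": "branch-1", "auth-key": "pass#word",
          "mtu": 1200, "ipsec-dest-ip": "192.0.2.10"}
```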