User's Guide Command Line Interface - QLogic

3–Network Configuration
Managing IP Security
Creating an IKE Policy
To create an IKE peer, enter the Ike Policy Create command as shown in the
following example:
SANbox (admin-ipsec) #> ike policy create policy_2
A list of attributes with formatting will follow.
Enter a value or simply press the ENTER key to skip specifying a value.
If you wish to terminate this process before reaching the end of the list
press 'q' or 'Q' and the ENTER key to do so.
Required attributes are preceded by an asterisk.
Value (press ENTER to not specify value, 'q' to quit):
Description (string, max=127 chars, N=None) : Policy 2
*Mode (1=transport, 2=tunnel) : 1
*LocalAddress (IPv4, IPv6 Address or keyword 'All' : 10.0.0.3
LocalPort (decimal value, 0-65535 or keyword 'All' : 1234
RemotePort (decimal value, 0-65535 or keyword 'All' : 0
*Peer (string, max=32 chars) : peer_1
*Protocol
(decimal value, 0-255, or keyword)
0=NotSpecified
Allowed keywords
icmp, icmp6, ip4, tcp, udp or any : udp
Action (1=ipsec) : 1
ProtectionDesired (select one, transport-mode only)
1=esp Encapsulating Security Payload : 1
LifetimeChild (decimal value, 900-86400 seconds) : 3600
RekeyChild (True / False) : True
*Encryption
(select one or more encryption algorithms)
1=3des_cbc
2=aes_cbc_128
3=aes_cbc_192
4=aes_cbc_256
5=null : 1
Integrity
(select one or more integrity algorithms)
1=md5_96
2=sha1_96
3=sha2_256
4=aes_xcbc_96
or the keyword 'None' : 1 2 3
DHGroup
(select one or more Diffie-Hellman Groups)
1, 2, 5, 14, 24 or the keyword 'None' : 1 5
Restrict (True / False) : True
The IKE policy has been created.
This configuration must be saved with the 'ipsec save' command
before it can take effect, or to discard this configuration
use the 'ipsec cancel' command.
SANbox (admin-ipsec) #> ipsec save
3-24 59263-02 B