Alcatel-Lucent 6850-48 Network Guide

Configuring IPsec on the OmniSwitch

Configuring IPsec

page 27-20

OmniSwitch AOS Release 6 Network Configuration Guide

The example below shows the commands for configuring ESP between two OmniSwitches for all TCP 
traffic. 

-> ipsec security-key master-key-12345

-> ipsec policy tcp_out source 3ffe::100 destination 3ffe::200 protocol tcp out 

ipsec description “IPsec on TCP to 200”

-> ipsec policy tcp_in source 3ffe::200 destination 3ffe::100 protocol tcp in 

ipsec description “IPsec on TCP from 200”

-> ipsec policy tcp_out rule 1 esp

-> ipsec policy tcp_in rule 1 esp

-> ipsec policy tcp_out no shutdown

-> ipsec policy tcp_in no shutdown

-> ipsec sa tcp_out_esp esp source 3ffe::100 destination 3ffe::200 spi 1000 

encryption des-cbc authentication hmac-sha1 description “ESP to 200” no shutdown

-> ipsec sa tcp_in_esp esp source 3ffe::200 destination 3ffe::100 spi 1001 

encryption des-cbc authentication hmac-sha1 description “ESP from 200” no shut-

down

-> ipsec key tcp_out_esp sa-encryption 12345678

-> ipsec key tcp_out_esp sa-authentication 12345678901234567890

-> ipsec key tcp_in_esp sa-encryption 12345678

-> ipsec key tcp_in_esp sa-authentication 123456789012345678

90

IPv6 address: 3ffe::200

IPv6 address: 3ffe::100

ESP