security ipsec config modify
Modify IPsec config
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command modifies IPsec configuration parameters.
Parameters
[-is-enabled {true|false}]
- Is IPsec Enabled-
This parameter enables and disables IPsec on the storage system.
[-log-level <IPsec Log Level>]
- IPsec Logging Level-
This parameter sets the IPsec logging level, where logging level 0 means no logging, and logging level 5 is most verbose. Default value is 2.
[-replay-window {0|64|128|256|512|1024}]
- IPsec Replay Window Size-
This parameter sets the IPsec replay window size. The possible values are 0, 64, 128, 256, 512 and 1024. Default value is 0.
[-ready-to-downgrade {true|false}]
- IPsec Ready To Downgrade (privilege: advanced)-
This parameter is used when downgrading to a non-IPsec capable ONTAP. Set this parameter to true to cleanup IPsec configurations before such downgrade.
[-is-offload-enabled {true|false}]
- Offload Enabled-
This parameter enables and disables IPsec NIC offload. If enabled, ONTAP will try to use NIC offload whenever possible.
Examples
The following example enables IPsec:
cluster-1::> security ipsec config modify -is-enabled true
The following example sets the IPsec logging level to 4:
cluster-1::> security ipsec config modify -log-level 4
The following example sets the IPsec replay window size to 64:
cluster-1::> security ipsec config modify -replay-window 64
The following example enables the IPsec NIC offload. IPsec itself has to be enabled to use the IPsec NIC offload:
cluster-1::> security ipsec config modify -is-enabled true -is-offload-enabled true