Skip to main content

security ipsec config modify

Contributors
Suggest changes

Modify IPsec config

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command modifies IPsec configuration parameters.

Parameters

[-is-enabled {true|false}] - Is IPsec Enabled

This parameter enables and disables IPsec on the storage system.

[-log-level <IPsec Log Level>] - IPsec Logging Level

This parameter sets the IPsec logging level, where logging level 0 means no logging, and logging level 5 is most verbose. Default value is 2.

[-replay-window {0|64|128|256|512|1024}] - IPsec Replay Window Size

This parameter sets the IPsec replay window size. The possible values are 0, 64, 128, 256, 512 and 1024. Default value is 0.

[-ready-to-downgrade {true|false}] - IPsec Ready To Downgrade (privilege: advanced)

This parameter is used when downgrading to a non-IPsec capable ONTAP. Set this parameter to true to cleanup IPsec configurations before such downgrade.

[-is-offload-enabled {true|false}] - Offload Enabled

This parameter enables and disables IPsec NIC offload. If enabled, ONTAP will try to use NIC offload whenever possible.

Examples

The following example enables IPsec:

cluster-1::> security ipsec config modify -is-enabled true

The following example sets the IPsec logging level to 4:

cluster-1::> security ipsec config modify -log-level 4

The following example sets the IPsec replay window size to 64:

cluster-1::> security ipsec config modify -replay-window 64

The following example enables the IPsec NIC offload. IPsec itself has to be enabled to use the IPsec NIC offload:

cluster-1::> security ipsec config modify -is-enabled true -is-offload-enabled true