Setting Up IPsec

You can configure Internet Protocol Security (IPsec) by using esxcli network ip ipsec. IPsec secures IP communications coming from and arriving at ESXi hosts. Administrators who perform IPsec setup must have a solid understanding of both IPv6 and IPsec.

ESXi hosts support IPsec for IPv6 traffic only, not for IPv4 traffic.

You can run esxcli network ip ipsec commands with a vCenter Server system as a target, by using the --vihost option.

The VMware implementation of IPsec adheres to the following IPv6 RFCs.

  • 4301 Security Architecture for the Internet Protocol
  • 4303 IP Encapsulating Security Payload (ESP)
  • 4835 Cryptographic Algorithm Implementation Requirements for ESP
  • 2410 The NULL Encryption Algorithm and Its Use With IPsec
  • 2451 The ESP CBC-Mode Cipher Algorithms
  • 3602 The AES-CBC Cipher Algorithm and Its Use with IPsec
  • 2404 The Use of HMAC-SHA-1-96 within ESP and AH
  • 4868 Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
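
A pre-flight check that applies the IPv6-only rule before a security association is created, shown as an added example that is not VMware's code. The helper names are hypothetical, the sa add flags and algorithm names are assumed from the esxcli ipsec namespace and do not appear on this page, the addresses are constructed, and refusing null encryption is a local policy choice rather than an ESXi restriction.

```shell
#!/bin/sh
# Added example: pre-flight check for an ESXi IPsec security association (SA).
# Function names are hypothetical; addresses use the 2001:db8::/32 documentation prefix.

# True only for plain IPv6 literals. Dotted IPv4 (and IPv4-mapped forms) are rejected.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;  # any character outside hex digits and ':'
        *:*:*) return 0 ;;             # at least two colons
        *) return 1 ;;
    esac
}

# Prints the "sa add" command line, or explains on stderr why it refused.
# Usage: build_sa_add SRC DST SPI ENC_ALG INTEGRITY_ALG SA_NAME
build_sa_add() {
    src=$1; dst=$2; spi=$3; enc=$4; integ=$5; name=$6
    is_ipv6 "$src" || { echo "refused: source '$src' is not IPv6" >&2; return 1; }
    is_ipv6 "$dst" || { echo "refused: destination '$dst' is not IPv6" >&2; return 1; }
    case "$enc" in
        aes128-cbc|3des-cbc) ;;
        null) echo "refused: null encryption (RFC 2410) gives no confidentiality" >&2; return 1 ;;
        *) echo "refused: unknown encryption algorithm '$enc'" >&2; return 1 ;;
    esac
    case "$integ" in
        hmac-sha1|hmac-sha2-256) ;;
        *) echo "refused: unknown integrity algorithm '$integ'" >&2; return 1 ;;
    esac
    # Key material is left as placeholders to be filled in at run time.
    printf '%s\n' "esxcli network ip ipsec sa add --sa-source $src --sa-destination $dst --sa-mode transport --sa-spi $spi --encryption-algorithm $enc --encryption-key <ENC_KEY_HEX> --integrity-algorithm $integ --integrity-key <INTEGRITY_KEY_HEX> --sa-name $name"
}

# Constructed inputs: the first is accepted, the second is refused as IPv4.
build_sa_add 2001:db8::a 2001:db8::b 0x1000 aes128-cbc hmac-sha2-256 sa1
build_sa_add 192.0.2.10 2001:db8::b 0x1000 aes128-cbc hmac-sha2-256 sa1 || true
```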