VMware vSphere SDKs and Tools 8.0

8.0 7.0 6.7 6.5

Setting Up IPsec
Last Updated December 16, 2024

You can set Internet Protocol Security by using
esxcli network ip ipsec
, which secures IP communications coming from and arriving at
ESXi
 hosts. Administrators who perform IPsec setup must have a solid understanding of both IPv6 and IPsec.
ESXi
 hosts support IPsec only for IPv6 traffic, but not for IPv4 traffic.
You can run
esxcli network ip ipsec
 commands with a
vCenter Server
 system as a target, by using the
--vihost
 option.
The VMware implementation of IPsec adheres to the following IPv6 RFCs.
  • 4301 Security Architecture for the Internet Protocol
  • 4303 IP Encapsulating Security Payload (ESP)
  • 4835 Cryptographic Algorithm Implementation Requirements for ESP
  • 2410 The NULL Encryption Algorithm and Its Use With IPsec
  • 2451 The ESP CBC-Mode Cipher Algorithms
  • 3602 The AES-CBC Cipher Algorithm and Its Use with IPsec
  • 2404 The Use of HMAC-SHA-1-96 within ESP and AH
  • 4868 Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512

Content feedback and comments