IPsec Configuration; IPsec Parameters - Brocade Communications Systems 8 Administrator's Manual

Fabric OS FCIP Administrator's Guide

IPsec configuration

IPsec requires predefined configurations for IKE and IPsec. You can enable IPsec only when these
configurations are well-defined and properly created in advance.
The following describes the sequence of events that invokes the IPsec protocol.
1. Traffic from the IPsec peer with the lower local IP address initiates the IKE negotiation process.
2. IKE negotiates SAs and authenticates the IPsec peers, and sets up a secure channel for negotiation of phase 2 (IPsec) SAs.
3. IKE negotiates SA parameters, setting up matching SAs in the peers. The negotiated SA parameters include encryption and authentication algorithms, Diffie-Hellman key exchange, and SA lifetimes.
4. Data is transferred between IPsec peers based on the IPsec parameters and keys stored in the SA database.
5. IPsec tunnel termination. SAs terminate when their lifetimes expire or when they are deleted.
All of these steps require that the correct policies have been created. Because policy creation is a
procedure independent of FCIP tunnel creation, you must know which IPsec configurations have
already been created so that you choose the correct policies when you enable IPsec on a tunnel.
The first step in configuring IPsec is to create one policy for IKE and one policy for IPsec. Once the
policies have been created, you assign them when creating the FCIP tunnel.
IKE negotiates the SA parameters and authenticates the peer using the preshared key authentication
method (the only method supported; see Table 10). Once both phases of the negotiation have completed
successfully, the encrypted data transfer can begin.
IPsec policies are managed using the policy command.
You can configure up to 32 IKE policies and 32 IPsec policies. Policies cannot be modified in place; to
change a parameter you must delete the policy and recreate it. You can delete and recreate any policy
as long as it is not being used by an active FCIP tunnel.
Each FCIP tunnel is configured separately and may use the same or different IKE and IPsec
policies as any other tunnel. Only one IPsec tunnel can be configured per GbE port.
NOTE: Secure tunnels cannot be defined on VLAN-tagged connections.

IPsec parameters

When creating policies, the parameters listed in Table 10 are fixed and cannot be modified.

TABLE 10  Fixed policy parameters

Parameter                               Fixed value
IKE negotiation protocol                Main mode
ESP                                     Tunnel mode
IKE negotiation authentication method   Preshared key
3DES encryption                         Key length of 168 bits
AES encryption                          Key length of 128 or 256 bits

Fabric OS FCIP Administrator's Guide
53-1001766-01
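The rules above (the fixed values of Table 10, the limit of 32 IKE and 32 IPsec policies, no in-place modification and no deletion of a policy an active tunnel uses, one IPsec tunnel per GbE port, no secure tunnel over a VLAN-tagged connection, preshared-key authentication, and IKE initiated by the peer with the lower local IP address) are the kind of constraints worth checking before touching a production fabric. The following is an added example, not Brocade Fabric OS code and not the policy or portcfg CLI: the class names, field names and the sample addresses and key are my own, and it models only what this section states.

```python
"""Pre-flight check for the FCIP IPsec rules in this section.

Added example, not Brocade Fabric OS code: class/function names are my own and
the policy/portcfg CLI is not modelled. It enforces only what the page states.
"""
from dataclasses import dataclass
from ipaddress import ip_address

MAX_POLICIES = 32                      # per policy type (IKE, IPsec)
FIXED_PARAMS = {                       # Table 10: not negotiable per policy
    "ike_negotiation_protocol": "main mode",
    "esp": "tunnel mode",
    "ike_authentication": "preshared key",
}
ALLOWED_KEY_BITS = {"3des": {168}, "aes": {128, 256}}   # Table 10


@dataclass(frozen=True)
class Policy:
    kind: str         # "ike" or "ipsec"
    number: int       # 1..MAX_POLICIES
    encryption: str   # "3des" or "aes"
    key_bits: int


@dataclass(frozen=True)
class Tunnel:
    ge_port: str      # GbE port the FCIP tunnel runs over, e.g. "ge0"
    local_ip: str
    remote_ip: str
    ike: int          # IKE policy number assigned at tunnel creation
    ipsec: int        # IPsec policy number assigned at tunnel creation
    vlan_tagged: bool
    preshared_key: str


def validate_policy(p: Policy) -> None:
    """Raise ValueError for a parameter choice Table 10 does not allow."""
    if p.kind not in ("ike", "ipsec"):
        raise ValueError(f"unknown policy type {p.kind!r}")
    if not 1 <= p.number <= MAX_POLICIES:
        raise ValueError(f"policy number must be 1..{MAX_POLICIES}")
    allowed = ALLOWED_KEY_BITS.get(p.encryption)
    if allowed is None:
        raise ValueError(f"encryption must be one of {sorted(ALLOWED_KEY_BITS)}")
    if p.key_bits not in allowed:
        raise ValueError(f"{p.encryption} key length must be one of {sorted(allowed)}")


def ike_initiator(local_ip: str, remote_ip: str) -> str:
    """Step 1 of the sequence: the peer with the lower IP address starts IKE."""
    return "local" if ip_address(local_ip) < ip_address(remote_ip) else "remote"


class FcipIpsecConfig:
    """Policies and secure tunnels, refusing what the page says is not allowed."""

    def __init__(self) -> None:
        self.policies: dict[tuple[str, int], Policy] = {}
        self.tunnels: dict[str, Tunnel] = {}   # one secure tunnel per GbE port

    def add_policy(self, p: Policy) -> None:
        validate_policy(p)
        if (p.kind, p.number) in self.policies:
            # A policy cannot be changed in place: delete it and recreate it.
            raise ValueError(f"{p.kind} policy {p.number} exists; delete it first")
        if sum(1 for k in self.policies if k[0] == p.kind) >= MAX_POLICIES:
            raise ValueError(f"at most {MAX_POLICIES} {p.kind} policies")
        self.policies[(p.kind, p.number)] = p

    def policy_in_use(self, kind: str, number: int) -> bool:
        return any(getattr(t, kind) == number for t in self.tunnels.values())

    def delete_policy(self, kind: str, number: int) -> None:
        if self.policy_in_use(kind, number):
            raise ValueError(f"{kind} policy {number} is used by an active tunnel")
        del self.policies[(kind, number)]

    def create_tunnel(self, t: Tunnel) -> str:
        """Enable IPsec on an FCIP tunnel; return which peer initiates IKE."""
        if t.vlan_tagged:
            raise ValueError("secure tunnels cannot use VLAN-tagged connections")
        if t.ge_port in self.tunnels:
            raise ValueError(f"{t.ge_port} already carries an IPsec tunnel")
        for kind, number in (("ike", t.ike), ("ipsec", t.ipsec)):
            if (kind, number) not in self.policies:
                raise ValueError(f"{kind} policy {number} has not been created")
        if not t.preshared_key:
            raise ValueError("a preshared key is required (only IKE auth method)")
        self.tunnels[t.ge_port] = t
        return ike_initiator(t.local_ip, t.remote_ip)


if __name__ == "__main__":
    # Constructed sample: the addresses and key are made up for this demonstration.
    cfg = FcipIpsecConfig()
    cfg.add_policy(Policy("ike", 1, "aes", 256))
    cfg.add_policy(Policy("ipsec", 1, "3des", 168))
    side = cfg.create_tunnel(Tunnel("ge0", "10.1.1.1", "10.1.1.2", 1, 1, False, "example-psk"))
    print("IKE negotiation initiated by:", side)   # local: 10.1.1.1 is the lower address
```

Run it against the policy and tunnel plan for both ends of the link before applying the configuration; because the initiator is chosen by address comparison, the same plan evaluated on the peer with the higher address should report "remote", which is a cheap way to confirm both sides agree on the tunnel endpoints.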
