HP Cisco MDS 9020 - Fabric Switch Configuration Manual page 888

Sample iSCSI Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Figure 35-9
12.12.1.11
Host 1
To configure IPsec for the iSCSI scenario shown in
Configure the ACLs in Switch MDS A.
Step 1
sw10.1.1.100# conf t
sw10.1.1.100(config)# ip access-list acl1 permit tcp 10.10.1.0 0.0.0.255 range port 3260
3260 12.12.1.0 0.0.0.255
Configure the transform set in Switch MDS A.
Step 2
sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-01 esp-3des esp-md5-hmac
Configure the crypto map in Switch MDS A.
Step 3
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer auto-peer
sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-01
sw10.1.1.100(config-crypto-map-ip)# end
sw10.1.1.100#
Bind the interface to the crypto map set in Switch MDS A.
Step 4
sw10.1.1.100# conf t
sw10.1.1.100(config)# int gigabitethernet 7/1
sw10.1.1.100(config-if)# ip address 10.10.1.123 255.255.255.0
sw10.1.1.100(config-if)# crypto map domain ipsec cmap-01
sw10.1.1.100(config-if)# no shut
sw10.1.1.100(config-if)# end
sw10.1.1.100#
Cisco MDS 9000 Family CLI Configuration Guide
35-40
iSCSI with End-to-End IPsec
Subnet 12.12.1/24
12.12.1.10
Host 2
iPSEC
iPSEC
10.10.1.1
12.12.1.1
Router
iPSEC
12.12.1.50
Host 3
Chapter 35 Configuring IPsec Network Security
iPSEC
10.10.1.123
Figure 35-9, follow these steps:
OL-16184-01, Cisco MDS SAN-OS Release 3.x
MDS A