Ipsec Allowed Transforms; Initial Troubleshooting Checklist; Common Troubleshooting Tools In Fabric Manager - Cisco MDS 9000 Manual
Hide thumbs
Also See for MDS 9000:
- Command reference manual (1464 pages) ,
- Configuration manual (344 pages) ,
- Troubleshooting manual (161 pages)
Table of Contents
Advertisement
Initial Troubleshooting Checklist
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
IPsec Allowed Transforms
Table 22-3
Table 22-3
Parameter
Encryption algorithm
Hash/authentication algorithm
(optional)
1. If you configure the AES counter (CTR) mode, you must also configure the
Initial Troubleshooting Checklist
Begin troubleshooting IPsec issues by checking the following issues:
Checklist
Verify licensing requirements. See Cisco MDS 9000 Family Fabric Manager
Configuration Guide.
Verify that IKE has been configured for IPsec.
Verify the digital certificates configuration if it is enabled for IPsec. See
"Troubleshooting Digital Certificates."
Verify that there are matching IKE policies defined at each peer.
Verify that you have refreshed SAs after any IKEv2 reconfiguration.
Verify that you have configured mirror crypto map ACLs at the peer for every crypto map
ACL configured locally.
Common Troubleshooting Tools in Fabric Manager
Choose Switches > Security > IPsec to access IPsec.
Choose Switches > Security > IKE to access IKE.
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
22-4
provides a list of allowed transform combinations for IPsec.
IPsec Transform Configuration Parameters
authentication algorithm.
Accepted Values
56-bit DES-CBC
168-bit DES
128-bit AES-CBC
1
128-bit AES-CTR
256-bit AES-CBC
1
256-bit AES-CTR
1
SHA-1 (HMAC variant)
MD5 (HMAC variant)
AES-XCBC-MAC
Chapter 22
Troubleshooting IPsec
Check off
Chapter 24,
OL-9285-05
Advertisement
Table of Contents
Troubleshooting
