Cisco MDS 9000 Series Configuration Manual page 198

Configuring an IKE Policy
(Optional) Reverts to the default identity mode (address).
Step 6
switch(config-ike-ipsec)# key switch1 address 10.10.1.1
Associates a preshared key with the IP address of a peer.
Step 7 switch(config-ike-ipsec)# no key switch1 address 10.10.1.1
(Optional) Deletes the association of a preshared key and the IP address of a peer.
Step 8 switch(config-ike-ipsec)# key switch1 hostname switch1.cisco.com
Associates a preshared key with the FQDN of a peer.
Note
Step 9 switch(config-ike-ipsec)# no key switch1 hostname switch1.cisco.com
(Optional) Deletes the association of a preshared key and the IP address of a peer.
Step 10 switch(config-ike-ipsec)# policy 1
switch(config-ike-ipsec-policy)#
Specifies the policy to configure.
Step 11
switch(config-ike-ipsec)# no policy 1
(Optional) Deletes the specified policy.
Step 12 switch(config-ike-ipsec-policy)# encryption des
Configures the encryption policy.
Step 13
switch(config-ike-ipsec-policy)# no encryption des
(Optional) Defaults to 3DES encryption.
Step 14 switch(config-ike-ipsec-policy)# group 5
Configures the DH group.
Step 15
switch(config-ike-ipsec-policy)# no group 5
(Optional) Defaults to DH group 1.
Step 16 switch(config-ike-ipsec-policy)# hash md5
Configures the hash algorithm.
Step 17 switch(config-ike-ipsec-policy)# no hash md5
(Optional) Defaults to SHA.
Step 18
switch(config-ike-ipsec-policy)# authentication pre-share
Configures the authentication method to use the preshared key (default).
Step 19 switch(config-ike-ipsec-policy)# authentication rsa-sig
Configures the authentication method to use the RSA signature.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
180
To use the FQDN, you must configure the switch name and domain name on the peer.
Configuring IPSec Network Security