Table of Contents
Advertisement
Figure 18 IPsec protected traffic
6.3.2
Protected Intra-Group Traffic
Once IPsec is enabled, all network traffic between group members is automatically protected with
IPsec using IKEv2. No further configuration is required.
6.3.3
IPsec and Replication
The PS Series Firmware provides no mechanism for using IPsec to protect traffic between replication
partners. It is technically possible to create IPsec polices on both the primary and secondary group in
which each group treats the other as an iSCSI initiator and traffic is protected accordingly. However,
this is an unsupported configuration, and Dell recommends against implementing it in a production
environment.
6.3.4
About IPsec Security Parameters
IPsec security parameters control the authentication and key negotiation carried out using the Internet
Key Exchange IKEv1 or IKEv2 protocol.
Security parameters specify the following:
Using IKEv1, IKEv2, or manual keying.
You can configure IPsec to use manual keys. However, manual keying provides significantly weaker
security than IKEv1 or IKEv2, and is also significantly more difficult to configure. Consequently, Dell
strongly discourages the use of manual keying in any production environment. IKEv1 or IKEv2 are the
preferred keying methods. Refer to the Dell EqualLogic Group Manager CLI Reference Guide for more
information about using manual keys.
6.3.5
About IPsec Certificates
Certificates are used in an IPsec configuration as one method of authenticating secured connections
between iSCSI initiators and the group. Implementation of an IPsec-enabled SAN requires both a root-
CA (Certificate Authority) certificate from the issuing authority and a local certificate to authenticate
the group.
March 2013
Dell EqualLogic Configuration Guide v14.1
6-57
Hide quick links:
Advertisement
Table of Contents
