Table of Contents
Advertisement
Default Settings
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Configure the crypto map in Switch MDS A.
Step 3
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer auto-peer
sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-01
sw10.1.1.100(config-crypto-map-ip)# end
sw10.1.1.100#
Bind the interface to the crypto map set in Switch MDS A.
Step 4
sw10.1.1.100# conf t
sw10.1.1.100(config)# int gigabitethernet 7/1
sw10.1.1.100(config-if)# ip addr 10.10.1.123 255.255.255.0
sw10.1.1.100(config-if)# crypto map domain ipsec cmap-01
sw10.1.1.100(config-if)# no shut
sw10.1.1.100(config-if)# end
sw10.1.1.100#
You have now configured IPsec in MDS A using the Cisco MDS IPsec and iSCSI features.
Default Settings
Table 30-3
Table 30-3
Parameters
IKE
IKE version
IKE encryption algorithm
IKE hash algorithm
IKE authentication method
IKE DH group identifier
IKE lifetime association
IKE keepalive time for each peer (v2) 3,600 seconds (equals one hour).
Table 30-4
Table 30-4
Parameters
IPsec
Applying IPsec to the traffic.
IPsec PFS
IPsec global lifetime (traffic-volume)
IPsec global lifetime (time)
Cisco MDS 9000 Family Configuration Guide
30-36
lists the default settings for IKE parameters.
Default IKE Parameters
lists the default settings for IPsec parameters.
Default IPsec Parameters
Chapter 30
Default
Disabled.
IKE version 2.
3DES.
SHA.
Not configurable (uses preshared keys).
Group 1.
86,400 00 seconds (equals 24 hours).
Default
Disabled.
Deny—allowing clear text.
Disabled.
450 Gigabytes.
3,600 seconds (one hour).
Configuring IPsec Network Security
OL-6973-03, Cisco MDS SAN-OS Release 2.x
Advertisement
Table of Contents
