Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual page 943

Cisco MDS 9000 Family CLI Configuration Guide - Release 4.x (OL-18084-01, February 2009)

Chapter 37
Configuring IPsec Network Security
Send documentation comments to mdsfeedback-doc@cisco.com
Sample FCIP Configuration

To configure IPsec for the FCIP scenario shown in Figure 37-8, follow these steps:
Step 1
Enable IKE and IPsec in Switch MDS A.
sw10.1.1.100# conf t
sw10.1.1.100(config)# feature crypto ike
sw10.1.1.100(config)# feature crypto ipsec
Step 2
Configure IKE in Switch MDS A.
sw10.1.1.100(config)# crypto ike domain ipsec
sw10.1.1.100(config-ike-ipsec)# key ctct address 10.10.100.232
sw10.1.1.100(config-ike-ipsec)# policy 1
sw10.1.1.100(config-ike-ipsec-policy)# encryption 3des
sw10.1.1.100(config-ike-ipsec-policy)# hash md5
sw10.1.1.100(config-ike-ipsec-policy)# end
sw10.1.1.100#
Step 3
Configure the ACLs in Switch MDS A.
sw10.1.1.100# conf t
sw10.1.1.100(config)# ip access-list acl1 permit tcp 10.10.100.231 0.0.0.0 10.10.100.232 0.0.0.0
Step 4
Configure the transform set in Switch MDS A.
sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-02 esp-aes 128 esp-sha1-hmac
Step 5
Configure the crypto map in Switch MDS A.
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer 10.10.100.232
sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-02
sw10.1.1.100(config-crypto-map-ip)# set security-association lifetime seconds 120
sw10.1.1.100(config-crypto-map-ip)# set security-association lifetime gigabytes 3000
sw10.1.1.100(config-crypto-map-ip)# set pfs group5
sw10.1.1.100(config-crypto-map-ip)# end
sw10.1.1.100#
Step 6
Bind the interface to the crypto map set in Switch MDS A.
sw10.1.1.100# conf t
sw10.1.1.100(config)# int gigabitethernet 7/1
sw10.1.1.100(config-if)# ip addr 10.10.100.231 255.255.255.0
sw10.1.1.100(config-if)# crypto map domain ipsec cmap-01
sw10.1.1.100(config-if)# no shut
sw10.1.1.100(config-if)# exit
sw10.1.1.100(config)#
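
Steps 2 through 6 refer to each other by name and address (acl1, tfs-02, cmap-01, peer 10.10.100.232), so a mismatch between steps is easy to miss. The following Python check is an added example, not part of the Cisco guide: it runs over the commands from this page with the prompts stripped, and the `audit` function, its regular expressions and its `LEGACY` list are this example's own assumptions, not NX-OS features.

```python
import re

# Commands from Steps 2-6 on this page, prompts stripped.
CONFIG = """\
key ctct address 10.10.100.232
encryption 3des
hash md5
ip access-list acl1 permit tcp 10.10.100.231 0.0.0.0 10.10.100.232 0.0.0.0
crypto transform-set domain ipsec tfs-02 esp-aes 128 esp-sha1-hmac
crypto map domain ipsec cmap-01 1
match address acl1
set peer 10.10.100.232
set transform-set tfs-02
ip addr 10.10.100.231 255.255.255.0
crypto map domain ipsec cmap-01
"""
LEGACY = {"3des", "md5"}  # this example's own list of algorithms to report


def audit(config):
    """Return findings; an empty list means every cross-reference resolves."""
    def grab(pattern):
        return re.findall(pattern, config, re.M)
    acls = {n: (s, d) for n, s, d in
            grab(r"^ip access-list (\S+) permit tcp (\S+) \S+ (\S+) \S+")}
    tsets = grab(r"^crypto transform-set domain ipsec (\S+)")
    maps = grab(r"^crypto map domain ipsec (\S+) \d+$")
    ike_peers = grab(r"^key \S+ address (\S+)")
    local_ips = grab(r"^ip addr (\S+)")
    peers = grab(r"^set peer (\S+)")
    out = []
    for acl in grab(r"^match address (\S+)"):
        src, dst = acls.get(acl, (None, None))
        if acl not in acls:
            out.append(f"crypto map matches undefined ACL {acl}")
        elif src not in local_ips or dst not in peers:
            out.append(f"ACL {acl} ({src} -> {dst}) does not match local address/peer")
    out += [f"no IKE preshared key for peer {p}" for p in peers if p not in ike_peers]
    out += [f"undefined transform set {t}"
            for t in grab(r"^set transform-set (\S+)") if t not in tsets]
    out += [f"interface bound to undefined crypto map {m}"
            for m in grab(r"^crypto map domain ipsec (\S+)$") if m not in maps]
    out += [f"IKE policy uses legacy algorithm {a}"
            for a in grab(r"^(?:encryption|hash) (\S+)") if a in LEGACY]
    return out


if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On the configuration as printed, every cross-reference resolves and the only findings are the two IKE policy algorithms.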
Figure 37-8: IP Security Usage in an FCIP Scenario (MDS A at 10.10.100.231 and MDS C at 10.10.100.232, connected by FCIP Tunnel 2)
