Sample Iscsi Configuration - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Cisco MDS 9000 Family CLI Configuration Guide - Release 4.x (OL-18084-01, February 2009)

Chapter 37
Configuring IPsec Network Security
Send documentation comments to mdsfeedback-doc@cisco.com
You have now configured IPsec in both switches MDS A and MDS C.

Sample iSCSI Configuration

Figure 37-9 focuses on the iSCSI session between MDS A and the hosts in subnet 12.12.1/24. Using the auto-peer option, when any host from the subnet 12.12.1.0/24 tries to connect to the MDS switch's Gigabit Ethernet port 7/1, an SA is created between the hosts and the MDS switch. With auto-peer, only one crypto map is necessary to create SAs for all the hosts in the same subnet. Without auto-peer, you need one crypto map entry per host.

Figure 37-9 iSCSI with End-to-End IPsec
[Diagram labels: Subnet 12.12.1/24; Host 1, Host 2, Host 3; 12.12.1.10, 12.12.1.11, 12.12.1.50; 12.12.1.1; Router; 10.10.1.1; MDS A; 10.10.1.123; IPsec]

To configure IPsec for the iSCSI scenario shown in Figure 37-9, follow these steps:

Step 1  Configure the ACLs in Switch MDS A.
sw10.1.1.100# conf t
sw10.1.1.100(config)# ip access-list acl1 permit tcp 10.10.1.0 0.0.0.255 range port 3260 3260 12.12.1.0 0.0.0.255

Step 2  Configure the transform set in Switch MDS A.
sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-01 esp-3des esp-md5-hmac

Step 3  Configure the crypto map in Switch MDS A.
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer auto-peer
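The following Python example is added here and is not part of the Cisco guide. It evaluates the Step 1 ACL (wildcard masks and port range) against constructed flows and compares the number of crypto map entries needed with and without auto-peer. It assumes the port range after the source address is a source-port match; the function names and the flow list are hypothetical.

```python
import ipaddress

# ACL from Step 1 of the page, joined onto one line.
ACL = ("ip access-list acl1 permit tcp 10.10.1.0 0.0.0.255 "
       "range port 3260 3260 12.12.1.0 0.0.0.255")

def parse_acl(line):
    """Parse only the form used on this page:
    permit tcp <src> <wildcard> range port <lo> <hi> <dst> <wildcard>"""
    t = line.split()
    if len(t) != 13 or t[:2] != ["ip", "access-list"] \
            or t[3:5] != ["permit", "tcp"] or t[7:9] != ["range", "port"]:
        raise ValueError("unsupported ACL form: " + line)
    return {"name": t[2], "src": (t[5], t[6]),
            "sport": (int(t[9]), int(t[10])), "dst": (t[11], t[12])}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def selects(acl, proto, src, sport, dst):
    """True if the flow is selected for IPsec by the crypto map's ACL.
    Assumption: the port range after the source address matches source ports."""
    lo, hi = acl["sport"]
    return (proto == "tcp" and wildcard_match(src, *acl["src"])
            and lo <= sport <= hi and wildcard_match(dst, *acl["dst"]))

def crypto_map_entries(acl, flows, auto_peer):
    """Return (crypto map entries needed, peers that get an SA)."""
    peers = sorted({dst for proto, src, sport, dst in flows
                    if selects(acl, proto, src, sport, dst)},
                   key=ipaddress.IPv4Address)
    return (1 if auto_peer else len(peers)), peers

# Constructed flows leaving MDS A (addresses taken from Figure 37-9's labels).
FLOWS = [
    ("tcp", "10.10.1.123", 3260, "12.12.1.10"),
    ("tcp", "10.10.1.123", 3260, "12.12.1.11"),
    ("tcp", "10.10.1.123", 3260, "12.12.1.50"),
    ("tcp", "10.10.1.123", 3260, "12.12.2.10"),  # outside 12.12.1.0/24: not selected
    ("tcp", "10.10.1.123", 22,   "12.12.1.10"),  # source port is not 3260: not selected
    ("udp", "10.10.1.123", 3260, "12.12.1.11"),  # not TCP: not selected
]

if __name__ == "__main__":
    acl = parse_acl(ACL)
    print("with auto-peer:   ", crypto_map_entries(acl, FLOWS, True))
    print("without auto-peer:", crypto_map_entries(acl, FLOWS, False))
```

Flows the ACL does not select are not covered by crypto map cmap-01, so running representative traffic through the same match logic shows what the entry actually protects.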
