16
IPsec over FCIP
• Create a security association (SA).
• Create an SA proposal.
• Add an IPsec Transform policy, referencing the IKE policy and the SA proposal.
• Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow.
• Enable the policy.
FCIP Compression
The FCIP tunnel compression mode allows IP packets to be compressed over the FCIP. The modes
available are None, Moderate, and Auto. FCIP tunnel configuration is available in Brocade Network
Advisor.
Accessing the IPsec Policies dialog box
To access the IPsec Policies dialog box, perform the following steps.
1. Open the Switch Administration window.
2. Select Show Advanced Mode.
3. Select the Security Policies tab.
4. Under Security Policies, select IPsec Policies.
   The IPsec Policies window displays. The default view shows the IKE tab.
Establishing an IKE policy for an FCIP tunnel
To establish an IKE policy for an FCIP tunnel, perform the following steps.
1. From the IKE tab of the IPsec Policies screen, select Create.
   The Add Policy dialog box displays.
2. Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog boxes.
   Make sure the Policy Type is set to IKE.
3. Assign a policy number.
   The Policy Number selector allows you to select a number between 1 and 32.
4. Select the Encryption Algorithm used in this policy.
   The choices are 3DES, AES-128, and AES_256.
5. Select an Authentication Algorithm for this policy.
   The choices are SHA-1, MD5, and AES-XCBC.
6. Turn Perfect Forward Secrecy on or off.
   The default is On. Perfect Forward Secrecy (PFS) provides additional security by means of a
   Diffie-Hellman shared secret value. With PFS, if one key is compromised, previous and
   subsequent keys are secure because they are not derived from previous keys.
7. Select a Diffie-Hellman Group association.
   The choices are 1 (modp768) and 14 (modp2048).
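The effect of the Perfect Forward Secrecy setting in step 6, shown as an added example that is not from this guide or from the switch software: a simplified model of IKE rekeying in which each IPsec SA key is derived from a long-lived IKE secret and the exchanged nonces, with a fresh Diffie-Hellman value mixed in only when PFS is on. The 127-bit toy group, the HMAC-SHA-256 PRF and all function names are assumptions chosen for illustration, not the switch's parameters.

```python
import hashlib, hmac, secrets

# Toy group constructed for this example (127-bit Mersenne prime); far too
# small for real use and not one of the switch's groups (modp768/modp2048).
P, G = 2**127 - 1, 3

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent
    return x, pow(G, x, P)                    # (private, public)

def derive_sa_key(ike_secret, ni, nr, dh_shared=None):
    """Key for one IPsec SA; dh_shared is mixed in only when PFS is on."""
    seed = ni + nr
    if dh_shared is not None:
        seed = dh_shared.to_bytes(16, "big") + seed
    return prf(ike_secret, seed)

def run_rekeys(pfs: bool, rounds: int = 3):
    """Simulate `rounds` rekeys. Returns (ike_secret, transcript, sa_keys);
    transcript holds only what crosses the wire: nonces and DH publics."""
    ike_secret = secrets.token_bytes(32)      # long-lived IKE SA secret
    transcript, sa_keys = [], []
    for _ in range(rounds):
        ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
        shared, publics = None, None
        if pfs:
            xi, yi = dh_keypair()             # initiator ephemeral pair
            xr, yr = dh_keypair()             # responder ephemeral pair
            shared = pow(yr, xi, P)           # equals pow(yi, xr, P)
            publics = (yi, yr)
        transcript.append((ni, nr, publics))
        sa_keys.append(derive_sa_key(ike_secret, ni, nr, shared))
    return ike_secret, transcript, sa_keys

def keys_exposed_by_leak(ike_secret, transcript, sa_keys):
    """Count SA keys computable from a leaked ike_secret plus the recorded
    transcript, without the ephemeral DH private exponents."""
    guesses = {derive_sa_key(ike_secret, ni, nr) for ni, nr, _ in transcript}
    return sum(k in guesses for k in sa_keys)

if __name__ == "__main__":
    for pfs in (False, True):
        print("PFS", "on " if pfs else "off", "->",
              keys_exposed_by_leak(*run_rekeys(pfs)), "of 3 keys exposed")
```

With PFS off, every SA key follows from the one long-lived secret; with PFS on, each key also depends on ephemeral exponents that are discarded after the exchange, which is why the strength of the Diffie-Hellman group chosen in step 7 matters.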
Web Tools Administrator's Guide
53-1002152-01