Configuring Ipsec Using Fcip Wizard - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

Configuring IPsec Using FCIP Wizard

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
•
•
•
•
Configuring IPsec Using FCIP Wizard
Fabric Manager simplifies the configuration of IPsec and IKE by enabling and configuring these features
as part of the FCIP configuration using the FCIP Wizard. See the
page
To enable IPsec using the FCIP Wizard in Fabric Manager, follow these steps:
Click the FCIP Wizard icon in the toolbar.
Step 1
Figure 44-5
Choose the switches that act as endpoints for the FCIP link and click Next.
Step 2
Note
Choose the Gigabit Ethernet ports on each MPS-14/2 module that will form the FCIP link.
Step 3
Check the Enforce IPSEC Security check box and set IKE Auth Key (see
Step 4
Cisco MDS 9000 Family CLI Configuration Guide
44-10
If the peer asks for a certificate which is signed by a CA that it trusts, then IKE uses that certificate,
if it exists on the switch, even if it is not the default certificate.
If the default certificate is deleted, the next IKE or general usage certificate, if any exists, is used by
IKE as the default certificate.
Certificate chaining is not supported by IKE.
IKE only sends the identity certificate, not the entire CA chain. For the certificate to be verified on
the peer, the same CA chain must also exist there.
48-8.
FCIP Wizard
These switches must have MPS-14/2 modules installed to configure IPsec on this FCIP link.
Chapter 44 Configuring IPsec Network Security
"Using the FCIP Wizard" section on
Figure 44-6).
OL-16184-01, Cisco MDS SAN-OS Release 3.x