Configuring An Ike Policy - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

Cisco MDS 9000 Family Fabric Manager Configuration Guide, Release 3.x (OL-8222-10, April 2008)

Chapter 44
Configuring IPsec Network Security
Note: When you configure the hash algorithm, the corresponding HMAC version is used as the authentication algorithm.
When the IKE negotiation begins, IKE looks for an IKE policy that is the same on both peers. The peer
that initiates the negotiation will send all its policies to the remote peer, and the remote peer will try to
find a match. The remote peer looks for a match by comparing its own highest priority policy against the
other peer's received policies. The remote peer checks each of its policies in order of its priority (highest
priority first) until a match is found.
A match is found when the two peers have the same encryption, hash algorithm, authentication
algorithm, and DH group values. If a match is found, IKE completes the security negotiation and the
IPsec SAs are created.
If an acceptable match is not found, IKE refuses negotiation and the IPsec data flows will not be
established.
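
The matching procedure described above can be modelled to check two policy tables before deployment. The following is an added example, not code from the Cisco guide: the `IkePolicy` class, the `negotiate` function, the two switch tables and their values are constructed for illustration, and it assumes that a lower priority number means a higher priority.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class IkePolicy:
    priority: int          # assumption: lower number = higher priority
    encryption: str
    hash_alg: str
    authentication: str
    dh_group: int

    def proposal(self) -> tuple:
        # The four values that must be identical on both peers.
        return (self.encryption, self.hash_alg, self.authentication, self.dh_group)


def negotiate(initiator: Iterable[IkePolicy],
              responder: Iterable[IkePolicy]) -> Optional[Tuple[IkePolicy, IkePolicy]]:
    """Return (responder_policy, initiator_policy) for the match, or None."""
    # The initiator sends all of its policies to the remote peer.
    received = {}
    for pol in sorted(initiator, key=lambda p: p.priority):
        received.setdefault(pol.proposal(), pol)
    # The responder walks its own policies, highest priority first.
    for local in sorted(responder, key=lambda p: p.priority):
        if local.proposal() in received:
            return local, received[local.proposal()]
    return None  # no match: IKE refuses negotiation, no IPsec SAs


# Constructed sample policy tables for two hypothetical switches.
SWITCH_A = [
    IkePolicy(1, "aes", "sha", "pre-share", 5),
    IkePolicy(2, "3des", "md5", "pre-share", 1),
]
SWITCH_B = [
    IkePolicy(1, "3des", "md5", "pre-share", 1),
    IkePolicy(2, "aes", "sha", "pre-share", 5),
]

if __name__ == "__main__":
    for name, init, resp in (("A initiates", SWITCH_A, SWITCH_B),
                             ("B initiates", SWITCH_B, SWITCH_A)):
        result = negotiate(init, resp)
        print(name, "->", result[0].proposal() if result else "no match")
```

With these tables the selected policy depends on which switch initiates, because the responder's priority order decides the match. Keeping the same policies in the same priority order on both peers makes the outcome independent of the initiator.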

Configuring an IKE Policy

To configure the IKE policy negotiation parameters using Fabric Manager, follow these steps:

Step 1  Expand Switches > Security and then select IKE.
        You see the IKE configuration in the Information pane in Figure 44-9.

Step 2  Click the Policies tab.
        You see the existing IKE policies in the Information pane.

Step 3  Click Create Row to create an IKE policy.
        You see the Create Policy dialog box shown in Figure 44-10.

OL-16184-01, Cisco MDS SAN-OS Release 3.x
Cisco MDS 9000 Family CLI Configuration Guide