Configuring Transform Sets - HP Cisco MDS 9216 - Fabric Switch Configuration Manual

Crypto IPv4-ACLs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
When you enable IPsec, the Cisco SAN-OS software automatically creates a default transform set
Note
(ipsec_default_tranform_set) using AES-128 encryption and SHA-1 authentication algorithms.
Table 44-2
Table 44-2
Parameter
encryption algorithm
hash/authentication algorithm
(optional)
1. If you configure the AES counter (CTR) mode, you must also configure the authentication algorithm.
The following table lists the supported and verified settings for IPsec and IKE encryption authentication
Note
algorithms on the Microsoft Windows and Linux platforms:
Platform
Microsoft iSCSI initiator,
Microsoft IPsec implementation
on Microsoft Windows 2000
platform
Cisco iSCSI initiator,
Free Swan IPsec implementation
on Linux platform

Configuring Transform Sets

To configure transform sets using Fabric Manager, follow these steps:
Step 1 Expand Switches > Security and then select IPSec in the Physical Attributes pane.
You see the IPSec configuration shown in
Cisco MDS 9000 Family CLI Configuration Guide
44-26
provides a list of allowed transform combinations for IPsec.
IPsec Transform Configuration Parameters
1
IKE
3DES, SHA-1 or MD5,
DH group 2
3DES, MD5, DH group 1
Chapter 44
Accepted Values
56-bit DES-CBC
168-bit DES
128-bit AES-CBC
1
128-bit AES-CTR
256-bit AES-CBC
1
256-bit AES-CTR
SHA-1 (HMAC variant)
MD5 (HMAC variant)
AES-XCBC-MAC
Figure 44-19.
Configuring IPsec Network Security
Keyword
esp-des
esp-3des
esp-aes 128
esp-aes 128 ctr
esp-aes 256
esp-aes 256 ctr
esp-sha1-hmac
esp-md5-hmac
esp-aes-xcbc-mac
IPsec
3DES, SHA-1
3DES, MD5
OL-16184-01, Cisco MDS SAN-OS Release 3.x