Creating An Sa Proposal - Brocade Communications Systems StoreFabric SN6500B Administrator's Manual

15
IPsec over management ports
To create a security association, perform the following steps.
1. Select the IPsec tab.
2. Select the SA tab.
3. Select Add.
4. Enter a name for the SA in the SA Name field.
5. Select the IPsec Protocol. option.
6. Select the Authentication Algorithm option.
7.
8. Optionally, enter a value in the SPI number field.
9. Click OK.

Creating an SA proposal

An SA proposal is sent from one endpoint to another to negotiate IKE and IPsec policies. An SA
proposal contains one or more security associations (SA). The endpoints must find a match for
each of the following in the SAs sent in the SA proposal:
•
•
•
•
•
•
•
•
To create an SA proposal, perform the following steps.
1. Select the SA Proposal tab on the IPsec Policies screen.
2. Select Add.
3. Enter a name in the SA Proposal Name field.
4. Enter the SAs in the SA(s) to use field.
5. Optionally, define SA lifetime parameters.
196
The IPsec Policies screen displays.
The Add SA dialog box displays.
The choices are ah (for authentication header) and esp (for encapsulated security protocol).
Select the Encryption Algorithm option.
A Security Parameter Index (SPI) number is automatically assigned, but may be manually
overridden.
The IKE authentication method.
The IKE encryption algorithm.
The IKE hash algorithm.
The Diffie-Hellman group number.
The IKE SA lifetime.
The IP addresses of the endpoints.
The IPsec protocol (AH or ESP).
The IPsec Transform policy.
The Add-SA Proposal dialog box displays.
Web Tools Administrator's Guide
53-1002756-01