Ipsec Parameters - Brocade Communications Systems Brocade 6505 Administrator's Manual

Fabric os fcip
IPsec implementation over FCIP
3. IKE negotiates SA parameters, setting up matching SAs in the peers. Some of the negotiated
   SA parameters include encryption and authentication algorithms, Diffie-Hellman key exchange,
   and SA lifetimes.
4. Data is transferred between IPsec peers based on the IPsec parameters and keys stored in the
   SA database.
5. IPsec tunnel termination. SA lifetimes terminate through deletion or by timing out.

All of these steps require that the correct policies have been created. Because policy creation is an
independent procedure from FCIP tunnel creation, you must know which IPsec configurations have
been created. This ensures that you choose the correct configurations when you enable an IPsec
tunnel.

The first step to configuring IPsec is to create a policy for IKE and a policy for IPsec. Once the
policies have been created, you assign the policies when creating the FCIP tunnel.

IKE negotiates SA parameters and authenticates the peer using the preshared key authentication
method. Once the two phases of the negotiation are completed successfully, the actual encrypted
data transfer can begin.

IPsec policies are managed using the policy command.

You can configure up to 32 IKE and 32 IPsec policies. Policies cannot be modified; they must be
deleted and recreated in order to change the parameters. You can delete and recreate any policy
as long as the policy is not being used by an active FCIP tunnel.

Each FCIP tunnel is configured separately and may have the same or different IKE and IPsec
policies as any other tunnel. Only one IPsec tunnel can be configured for each GbE port.

IPsec parameters

When creating policies, the parameters listed in Table 11 are fixed and cannot be modified.

TABLE 11   Fixed policy parameters

Parameter                                Fixed Value
IKE negotiation protocol                 Main mode
ESP                                      Tunnel mode
IKE negotiation authentication method    Preshared key
3DES encryption                          Key length of 168 bits
AES encryption                           Key length of 128 or 256

The parameters listed in Table 12 can be modified.

TABLE 12   Modifiable policy parameters

Parameter                  Description
Encryption Algorithm       3DES—168-bit key
                           AES-128—128-bit key (default)
                           AES-256—256-bit key
Authentication Algorithm   SHA-1—Secure Hash Algorithm (default)
                           MD5—Message Digest 5
                           AES-XCBC—Used only for IPsec
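
The limits described on this page (32 policies per type, the Table 12 algorithm choices, one IPsec tunnel per GbE port, no delete-and-recreate of a policy used by an active tunnel) can be checked against a planned configuration before it is entered on the switch. The following Python check is an added example, not part of the Brocade manual or Fabric OS; the dictionary schema, policy IDs, tunnel names and port names are assumptions made for illustration, and every tunnel in the list is assumed to be IPsec-enabled.

```python
from collections import Counter

MAX_PER_TYPE = 32                                   # "up to 32 IKE and 32 IPsec policies"
ENCRYPTION = {"3des", "aes-128", "aes-256"}         # Table 12
AUTH = {"ike": {"sha-1", "md5"},                    # AES-XCBC is listed as IPsec-only
        "ipsec": {"sha-1", "md5", "aes-xcbc"}}

def validate_plan(policies, tunnels, recreate=()):
    """Return findings for a planned configuration (the dict schema is hypothetical).
    policies: {"type": "ike"|"ipsec", "id": int, "enc": str, "auth": str}
    tunnels:  {"name": str, "ge_port": str, "ike": int, "ipsec": int, "active": bool}
    recreate: (type, id) pairs to be deleted and recreated with new parameters
    """
    findings = []
    for ptype, n in sorted(Counter(p["type"] for p in policies).items()):
        if n > MAX_PER_TYPE:
            findings.append(f"{n} {ptype} policies exceed the limit of {MAX_PER_TYPE}")
    defined = set()
    for p in policies:
        defined.add((p["type"], p["id"]))
        if p["enc"] not in ENCRYPTION:
            findings.append(f"{p['type']} policy {p['id']}: unsupported encryption {p['enc']}")
        if p["auth"] not in AUTH.get(p["type"], set()):
            findings.append(f"{p['type']} policy {p['id']}: authentication {p['auth']} not valid here")
    per_port = Counter(t["ge_port"] for t in tunnels)
    for port, n in sorted(per_port.items()):
        if n > 1:
            findings.append(f"{port}: {n} IPsec tunnels planned, only one is allowed per GbE port")
    for t in tunnels:
        for ptype in ("ike", "ipsec"):
            ref = (ptype, t[ptype])
            if ref not in defined:
                findings.append(f"tunnel {t['name']}: {ptype} policy {t[ptype]} does not exist")
            if t["active"] and ref in recreate:
                findings.append(f"tunnel {t['name']} is active: {ptype} policy {t[ptype]} cannot be deleted and recreated")
    return findings

# Constructed sample plan (not taken from a real switch).
POLICIES = [
    {"type": "ike", "id": 1, "enc": "aes-256", "auth": "sha-1"},
    {"type": "ike", "id": 2, "enc": "aes-128", "auth": "aes-xcbc"},   # invalid for IKE
    {"type": "ipsec", "id": 1, "enc": "aes-256", "auth": "aes-xcbc"},
]
TUNNELS = [
    {"name": "t0", "ge_port": "ge0", "ike": 1, "ipsec": 1, "active": True},
    {"name": "t1", "ge_port": "ge0", "ike": 2, "ipsec": 3, "active": False},
]
for finding in validate_plan(POLICIES, TUNNELS, recreate={("ike", 1)}):
    print(finding)
```
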
Fabric OS FCIP Administrator's Guide
53-1002474-01
