Ipsecike Properties - Qlogic 5800V Series User Manual

5–Managing Switches
Configuring the Network

IPsecIKE Properties

Internet Key Exchange (IKE) provides a means to automatically create an IPsec
SA on both SA endpoints. This simplifies the algorithm and key setup for both
endpoints. Each endpoint must identify the remote device as IKE peer and must
specify traffic to protect using IKE policy configuration.
The IKE peer object identifies this remote device and specifies various security
parameters to use for creating the IKE initial connection. This connection is called
an IKE_SA and is an SA strictly used by the IKE protocol itself, not user data
traffic.
An IKE policy is an object used to describe the type (e.g., Telnet, FTP) of user
data traffic that you want to secure for a given IKE peer. It also specifies the
security types and parameters used to protect that data. From the Policy data, the
IKE peers will negotiate and set up an SA to provide the requested security
services.
NOTE: An SSL connection is required. Refer to
more information.
The IKE configuration consists of a list of peers and policies saved in the
database which are used to dynamically generate IPsec associations and
policies. You can also export and import configuration (XML) files.
Configuring IKE Peers
An IKE peer is an external device accessible through the management Ethernet
interface on the switch. Peer configurations are saved to the database. Use the
IKE Configuration dialog box
remove an existing peer configuration, edit a peer configuration, copy a peer
configuration to the workstation clipboard, and paste the copied peer configuration
(automatically renamed).
5-40
Managing System Services
(Figure 5-19) to add a new peer configuration,
for
59266-01 B