Send documentation comments to mdsfeedback-doc@cisco.com
44-3
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 44 Configuring IPsec Network Security
About IKE
Figure 44-1 FCIP and iSCSI Scenarios Using MPS-14/2 Modules
About IKE
IKE automatically negotiates IPsec security associations and generates keys for all switches using the
IPsec feature. Specifically, IKE provides these benefits:
• Allows you to refresh IPsec SAs.
• Allows IPsec to provide anti-replay services.
• Supports a manageable, scalable IPsec configuration.
• Allows dynamic authentication of peers.
Note IKE is not supported on the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric
Switch for IBM BladeSystem.
IPsec Prerequisites
To use the IPsec feature, you need to perform the following tasks:
• Obtain the ENTERPRISE_PKG license (see Chapter 10, “Obtaining and Installing Licenses”).
• Configure IKE as described in the “About IKE Initialization” section on page 44-13.
FCFC
FCFC
FCFC
MDS_Switch1
WAN
WAN
MDS
iSCSI Servers
IPSec for
securing
FCIP traffic
IPSec for
securing
iSCSI traffic
FC Servers
iSCSI Servers
120481
MDS_Switch 2 MDS_Switch 3
IPsec for securing
traffic between
MDS and router
Nonsecure
connection
Secure
connection
To Next Page
Loading...
Need help?
General
