Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 44 Configuring IPsec Network Security
• If the peer asks for a certificate which is signed by a CA that it trusts, then IKE uses that certificate,
if it exists on the switch, even if it is not the default certificate.
• If the default certificate is deleted, the next IKE or general usage certificate, if any exists, is used by
IKE as the default certificate.
• Certificate chaining is not supported by IKE.
• IKE only sends the identity certificate, not the entire CA chain. For the certificate to be verified on
the peer, the same CA chain must also exist there.
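The last two bullets can be checked before deployment. The following is an added example, not part of the Cisco guide: it uses OpenSSL on an admin workstation as a stand-in for the peer's verifier, with a constructed three-level PKI, to show that a bare identity certificate is rejected unless the verifier already holds every CA certificate in the chain. The helper names `build_pki` and `peer_can_verify` and all certificate names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: throwaway PKI with made-up names (constructed-root, ...).
# build_pki and peer_can_verify are hypothetical helper names.

# Create root CA -> intermediate CA -> switch identity certificate in dir $1.
build_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=constructed\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    for n in root inter switch; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" \
            2>/dev/null || return 1
    done
    # Self-signed root, then the intermediate signed by the root.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" \
        2>/dev/null || return 1
    # Identity certificate issued by the intermediate (the only thing IKE sends).
    openssl x509 -req -in "$d/switch.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -out "$d/switch.pem" 2>/dev/null || return 1
}

# peer_can_verify IDENTITY CA_CERT...
# Returns 0 only if the listed CA certificates (what the peer has installed)
# are sufficient to validate the identity certificate on its own.
peer_can_verify() {
    id=$1; shift
    store=$(mktemp) || return 2
    cat "$@" > "$store"
    openssl verify -CAfile "$store" "$id" >/dev/null 2>&1
    rc=$?
    rm -f "$store"
    return "$rc"
}

# Demonstration on the constructed PKI.
d=$(mktemp -d) && build_pki "$d" && {
    peer_can_verify "$d/switch.pem" "$d/root.pem" "$d/inter.pem" \
        && echo "peer holds root + intermediate: identity verified"
    peer_can_verify "$d/switch.pem" "$d/root.pem" \
        || echo "peer holds root only: identity rejected"
}
rm -rf "$d"
```

To run the same check against real material, export the switch identity certificate and the CA certificates installed on the peer as PEM files and pass them to `peer_can_verify`.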
Configuring IPsec Using FCIP Wizard
Fabric Manager simplifies the configuration of IPsec and IKE by enabling and configuring these features
as part of the FCIP configuration using the FCIP Wizard. See the “Using the FCIP Wizard” section on page 48-8.
To enable IPsec using the FCIP Wizard in Fabric Manager, follow these steps:
Step 1 Click the FCIP Wizard icon in the toolbar.
Figure 44-5 FCIP Wizard
Step 2 Choose the switches that act as endpoints for the FCIP link and click Next.
Note: These switches must have MPS-14/2 modules installed to configure IPsec on this FCIP link.
Step 3 Choose the Gigabit Ethernet ports on each MPS-14/2 module that will form the FCIP link.
Step 4 Check the Enforce IPSEC Security check box and set IKE Auth Key (see Figure 44-6).