EasyManuals Logo

Cisco AP775A - Nexus Converged Network Switch 5010 User Manual

Cisco AP775A - Nexus Converged Network Switch 5010
1486 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #950 background imageLoading...
Page #950 background image
Send documentation comments to mdsfeedback-doc@cisco.com
44-16
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 44 Configuring IPsec Network Security
Optional IKE Parameter Configuration
Figure 44-10 Create IKE
Step 4 Enter the Priority for this switch. You can enter a value from one through 255, one being the highest.
Step 5 Select appropriate values for the encryption, hash, authentication, and DHGroup fields.
Step 6 Enter the lifetime for the policy. You can enter a lifetime from 600 to 86400 seconds.
Step 7 Click Create to create this policy, or click Close to discard any unsaved changes.
Note When the authentication method is rsa-sig, make sure the identity hostname is configured for IKE
because the IKE certificate has a subject name of the FQDN type.
Optional IKE Parameter Configuration
You can optionally configure the following parameters for the IKE feature:
The lifetime association within each policy—The lifetime ranges from 600 to 86,400 seconds. The
default is 86,400 seconds (equals one day). The lifetime association within each policy is configured
when you are creating an IKE policy. See the
“Configuring an IKE Policy” section on page 44-15.
The keepalive time for each peer if you use IKEv2—The keepalive ranges from 120 to 86,400
seconds. The default is 3,600 seconds (equals one hour).
The initiator version for each peer—IKE v1 or IKE v2 (default). Your choice of initiator version
does not affect interoperability when the remote device initiates the negotiation. Configure this
option if the peer device supports IKEv1 and you can play the initiator role for IKE with the
specified device. Use the following considerations when configuring the initiator version with FCIP
tunnels:
If the switches on both sides of an FCIP tunnel are running MDS SAN-OS Release 3.0(1) or
later, or Cisco NX-OS 4.1(1) you must configure initiator version IKEv1 on both sides of an
FCIP tunnel to use only IKEv1. If one side of an FCIP tunnel is using IKEv1 and the other side
is using IKEv2, the FCIP tunnel uses IKEv2.
If the switch on one side of an FCIP tunnel is running MDS SAN-OS Release 3.0(1) or later, or
Cisco NX-OS 4.1(1b) and the switch on the other side of the FCIP tunnel is running MDS
SAN-OS Release 2.x, configuring IKEv1 on either side (or both) results in the FCIP tunnel
using IKEv1.

Table of Contents

Other manuals for Cisco AP775A - Nexus Converged Network Switch 5010

Preview: Reference
Reference886 pages
Preview: Command Reference
Command Reference792 pages
Preview: Release Note
Release Note26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco AP775A - Nexus Converged Network Switch 5010 and is the answer not in the manual?

Cisco AP775A - Nexus Converged Network Switch 5010 Specifications

General IconGeneral
BrandCisco
ModelAP775A - Nexus Converged Network Switch 5010
CategorySwitch
LanguageEnglish

Related product manuals