Send documentation comments to mdsfeedback-doc@cisco.com
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 44 Configuring IPsec Network Security
Optional IKE Parameter Configuration
Note: Only IKEv1 is supported to build IPsec between 2.x and 3.x MDS switches.
Caution: You may need to configure the initiator version even when the switch does not behave as an IKE initiator under normal circumstances. Always using this option guarantees a faster recovery of traffic flows in case of failures.
Tip: The keepalive time only applies to IKEv2 peers and not to all peers.
Note: When IPsec implementations in the host prefer to initiate the IPsec rekey, be sure to configure the IPsec lifetime value in the Cisco MDS switch to be higher than the lifetime value in the host.
This section includes the following topics:
• Configuring the Keepalive Time for a Peer, page 44-17
• Configuring the Initiator Version, page 44-18
• Clearing IKE Tunnels or Domains, page 44-20
• Refreshing SAs, page 44-20
Configuring the Keepalive Time for a Peer
To configure the keepalive time for each peer using Fabric Manager, follow these steps:
Step 1 Expand Switches > Security and then select IKE.
You see the IKE configuration in the Information pane (see Figure 44-11).