Send documentation comments to mdsfeedback-doc@cisco.com
44-26
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 44 Configuring IPsec Network Security
Crypto IPv4-ACLs
Note When you enable IPsec, the Cisco NX-OS software automatically creates a default transform set
(ipsec_default_tranform_set) using AES-128 encryption and SHA-1 authentication algorithms.
Table 44-2 provides a list of allowed transform combinations for IPsec.
The following table lists the supported and verified settings for IPsec and IKE encryption authentication
algorithms on the Microsoft Windows and Linux platforms:
Configuring Transform Sets
To configure transform sets using Fabric Manager, follow these steps:
Step 1 Expand Switches > Security and then select IPSec in the Physical Attributes pane.
You see the IPSec configuration shown in Figure 44-19.
Ta b l e 44-2 IPsec Transform Configuration Parameters
Parameter Accepted Values Keyword
encryption algorithm 56-bit DES-CBC
168-bit DES
128-bit AES-CBC
128-bit AES-CTR
1
256-bit AES-CBC
256-bit AES-CTR
1
1. If you configure the AES counter (CTR) mode, you must also configure the authentication algorithm.
esp-des
esp-3des
esp-aes 128
esp-aes 128 ctr
esp-aes 256
esp-aes 256 ctr
hash/authentication algorithm
1
(optional)
SHA-1 (HMAC variant)
MD5 (HMAC variant)
AES-XCBC-MAC
esp-sha1-hmac
esp-md5-hmac
esp-aes-xcbc-mac
Platform IKE IPsec
Microsoft iSCSI initiator,
Microsoft IPsec implementation
on Microsoft Windows 2000
platform
3DES, SHA-1 or MD5,
DH group 2
3DES, SHA-1
Cisco iSCSI initiator,
Free Swan IPsec implementation
on Linux platform
3DES, MD5, DH group 1 3DES, MD5
To Next Page
Loading...
Need help?
General
