Chapter 37
Configuring IPsec Network Security
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Figure 37-1
About IKE
IKE automatically negotiates IPsec security associations and generates keys for all switches using the
IPsec feature. Specifically, IKE provides these benefits:
•
•
•
•
IKE is not supported on the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric
Note
Switch for IBM BladeSystem.
IPsec Prerequisites
To use the IPsec feature, you need to perform the following tasks:
•
•
OL-18084-01, Cisco MDS NX-OS Release 4.x
FCIP and iSCSI Scenarios Using MPS-14/2 Modules
IPSec for
securing
iSCSI traffic
MDS_Switch1
FC
FC
FC Servers
iSCSI Servers
Allows you to refresh IPsec SAs.
Allows IPsec to provide anti-replay services.
Supports a manageable, scalable IPsec configuration.
Allows dynamic authentication of peers.
Obtain the ENTERPRISE_PKG license (see
Configure IKE as described in the
iSCSI Servers
IPSec for
securing
FCIP traffic
MDS_Switch 2
WAN
IPsec for securing
traffic between
MDS and router
WAN
Chapter 3, "Obtaining and Installing
"About IKE Initialization" section on page
Cisco MDS 9000 Family CLI Configuration Guide
FC
FC
MDS_Switch 3
FC
FC
MDS
Nonsecure
connection
Secure
connection
Licenses").
37-10.
About IKE
37-3