Using IPsec
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
The IPsec feature inserts new headers in existing packets (see
Note
section on page 46-3
Using IPsec
To use the IPsec feature, follow these steps:
Obtain the ENTERPRISE_PKG license to enable IPSEC for iSCSI to enable IPsec for FCIP. See
Step 1
Chapter 3, "Obtaining and Installing Licenses."
Configure IKE as described in the
Step 2
Note
This section contains the following topics:
•
•
•
•
IPsec Compatibility
IPsec features are compatible with the following Cisco MDS 9000 Family hardware:
•
•
•
•
IPsec features are compatible with the following fabric setup:
•
•
•
Cisco MDS 9000 Family CLI Configuration Guide
37-4
for more information).
The IPsec feature inserts new headers in existing packets (see the
Size" section on page 46-3
IPsec Compatibility, page 37-4
IPsec and IKE Terminology, page 37-5
Supported IPsec Transforms and Algorithms, page 37-6
Supported IKE Transforms and Algorithms, page 37-6
Cisco 18/4-port Multi-Service Module (MSM-18/4) modules and MDS 9222i Module-1 modules.
Cisco 14/2-port Multiprotocol Services (MPS-14/2) modules in Cisco MDS 9200 Switches or Cisco
MDS 9500 Directors
Cisco MDS 9216i Switch with the 14/2-port multiprotocol capability in the integrated supervisor
module. Refer to the Cisco MDS 9200 Series Hardware Installation Guide for more information on
the Cisco MDS 9216i Switch.
The IPsec feature is not supported on the management interface.
Two connected Cisco MDS 9200 Switches or Cisco MDS 9500 Directors running Cisco MDS
SAN-OS Release 2.0(1b) or later, or Cisco NX-OS 4.1(1).
A Cisco MDS 9200 Switches or Cisco MDS 9500 Directors running Cisco MDS SAN-OS Release
2.0(1b) or later, or Cisco NX-OS 4.1(1) connected to any IPsec compliant device.
The following features are not supported in the Cisco NX-OS implementation of the IPsec feature:
–
Authentication Header (AH).
Transport mode.
–
"Manually Configuring IPsec and IKE" section on page
for more information).
Chapter 37
Configuring IPsec Network Security
the"Configuring the MTU Frame Size"
"Configuring the MTU Frame
OL-18084-01, Cisco MDS NX-OS Release 4.x
37-10.