hit counter script

Manually Configuring Ipsec And Ike; About Ike Initialization - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Cisco mds 9000 family cli configuration guide - release 4.x (ol-18084-01, february 2009)
Hide thumbs Also See for AP776A - Nexus Converged Network Switch 5020:
Table of Contents

Advertisement

Manually Configuring IPsec and IKE

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Manually Configuring IPsec and IKE
This section describes how to manually configure IPsec and IKE .
IPsec provides secure data flows between participating peers. Multiple IPsec data flows can exist
between two peers to secure different data flows, with each tunnel using a separate set of SAs.
After you have completed IKE configuration, configure IPsec.
To configure IPsec in each participating IPsec peer, follow these steps:
Identify the peers for the traffic to which secure tunnels should be established.
Step 1
Step 2
Configure the transform set with the required protocols and algorithms.
Step 3
Create the crypto map and apply access control lists (IPv4-ACLs), transform sets, peers, and lifetime
values as applicable.
Apply the crypto map to the required interface.
Step 4
This section contains the following topics:

About IKE Initialization

The IKE feature must first be enabled and configured so the IPsec feature can establish data flow with
the required peer. Fabric Manager initializes IKE when you first configure it.
You cannot disable IKE if IPsec is enabled. If you disable the IKE feature, the IKE configuration is
cleared from the running configuration.
Cisco MDS 9000 Family CLI Configuration Guide
37-10
If the peer asks for a certificate which is signed by a CA that it trusts, then IKE uses that certificate,
if it exists on the switch, even if it is not the default certificate.
If the default certificate is deleted, the next IKE or general usage certificate, if any exists, is used by
IKE as the default certificate.
Certificate chaining is not supported by IKE.
IKE only sends the identity certificate, not the entire CA chain. For the certificate to be verified on
the peer, the same CA chain must also exist there.
About IKE Initialization, page 37-10
About the IKE Domain, page 37-11
Configuring the IKE Domain, page 37-11
About IKE Tunnels, page 37-11
About IKE Policy Negotiation, page 37-11
Configuring an IKE Policy, page 37-13
Chapter 37
Configuring IPsec Network Security
OL-18084-01, Cisco MDS NX-OS Release 4.x

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents