Establishing an ike policy for an fcip tunnel, Establishing an ipsec policy for an fcip tunnel – Dell POWEREDGE M1000E User Manual

Page 263

Advertising
background image

Web Tools Administrator’s Guide

235

53-1001772-01

IPsec over FCIP

17

DRAFT: BROCADE CONFIDENTIAL

3. Select the Security Policies tab.

4. Under Security Policies, select IPsec Policies.

The IPsec Policies window displays. The default view shows the IKE tab.

Establishing an IKE policy for an FCIP tunnel

Use the following procedure to establish an IKE policy for an FCIP tunnel.

1. From the IKE tab of the IPsec Policies screen, select Create.

The Add Policy dialog box displays.

2. Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog box boxes.

Make sure the Policy Type is set to IKE.

3. Assign a policy number.

The Policy Number selector allows you to select a number between 1 and 32.

4. Select the Encryption Algorithm used in this policy.

The choices are 3DES, AES-128, and AES_256.

5. Select an Authentication Algorithm for this policy.

The choices are SHA-1, MD5, and AES-XCBC.

6. Turn Perfect Forward Secrecy on or off.

The default is On. Perfect Forward Secrecy (PFS) provides additional security by means of a
Diffie-Hellman shared secret value. With PFS, if one key is compromised, previous and
subsequent keys are secure because they are not derived from previous keys.

7. Select a Diffie-Hellman Group association.

The choices are 1 (modp768) and 14 (modp2048).

8. Set a Security Association Lifetime (in seconds).

The Security Association Lifetime is a time value in seconds. When this timer expires, the
security association (SA) is rekeyed. This limits the amount of time a given key is available to a
potential attacker.

9. Click OK.

Establishing an IPsec policy for an FCIP tunnel

Use the following procedure to establish an IPsec policy for an FCIP tunnel.

1. Select the IPsec tab.

The IPsec Policies window displays.

2. Select Create.

An Add Policy dialog box displays.

3. Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog boxes.

Make sure the Policy Type is set to IPSEC.

Advertising
Popular Brands
Popular manuals