Ipsec over management ports, Enabling the ethernet ipsec policies, Establishing an ike policy – Dell POWEREDGE M1000E User Manual

236

Web Tools Administrator’s Guide

53-1001772-01

IPsec over management ports

17

DRAFT: BROCADE CONFIDENTIAL

4. Assign a policy number.

The Policy Number selector allows you to select a number between 1 and 32.

5. Select the Encryption Algorithm used in this policy.

The choices are 3DES, AES-128, and AES_256.

6. Select an Authentication Algorithm for this policy.

The choices are SHA-1, MD5, and AES-XCBC. The remaining three fields are grayed out. They
apply only to IKE policies.

7. Click OK.

IPsec over management ports

IPsec can be applied to the management port on a switch or a CP blade to establish a secure
connection between a PC or workstation and Web Tools. The connection can be used as a virtual
private network (VPN) interface to Web Tools.

At a high level, the steps to take are:

•

Access the Ethernet IPsec Policies dialog box.

•

Enable IPsec.

•

Create an IKE policy for authentication.

•

Create an security association (SA).

•

Create an SA proposal.

•

Add a IPsec Transform policy, referencing the IKE policy and the SA proposal.

•

Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow.

Enabling the Ethernet IPsec policies

Use the following procedure to access the Ethernet IPsec Policies dialog box.

1. Open the Switch Administration window.

2. Select Show Advanced Mode.

3. Select the Security Policies tab.

4. Under Security Policies, select Ethernet IPsec.

The Ethernet IPsec Policies screen displays.

5. Ethernet IPsec policies can be configured only after enabling IPsec by clicking the Enable

button below the Ethernet IPsec policies table.

Establishing an IKE policy

When you establish an IKE policy, you identify a set of algorithms and authentication rules and
parameters to use in a key exchange. Refer to the Fabric OS Administrator’s Guide for details on
IKE functionality.