Creating a security association – Dell POWEREDGE M1000E User Manual


Web Tools Administrator’s Guide


53-1001772-01

IPsec over management ports

17

DRAFT: BROCADE CONFIDENTIAL

Use the following procedure to establish an IKE policy.

1. Select the IKE tab on the IPsec Policies window for Ethernet IPsec.

The Add IKE Policy dialog box displays.

2. Enter an IKE Policy Name.

3. Enter the IP address of the authentication partner in the Peer IP Address field.

4. Enter the switch’s local identifier in the Local Identifier field.

This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.

5. Enter the identifier of the remote peer switch in Peer Identifier.

This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.

6. Select the Encryption Algorithm option.

7. Select the Hash Algorithm option.

8. Select the PRF Algorithm option.

9. Select the DH Group Number option.

10. Select the Authentication Method option.

11. If PSK is chosen as the authentication method, enter the name of the file that holds the pre-shared key in the Pre-Shared Key filename field.

12. If you are using an X.509 certificate for authentication, enter the appropriate file names in the Public Key filename, Private Key filename, and Peer Public Key filename fields in PEM format.

13. Use the PFS selector to turn Perfect Forward Secrecy (PFS) on or off.

PFS provides additional security by means of a Diffie-Hellman shared secret value. With PFS, if
one key is compromised, previous and subsequent keys are secure because they are not
derived from previous keys.
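
The effect of the PFS selector in step 13 can be shown with a small simulation. This is an added example, not part of the guide and not the switch's implementation: the derivation is a simplified, IKEv2-style model (an assumption, since the guide does not describe the internals), and the names `rekey`, `attacker_recompute`, and `simulate` as well as the toy-sized Diffie-Hellman group are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (2**127 - 1 is prime). Assumption for the demo only;
# far too small for real use.
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 standing in for the negotiated PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_exchange():
    """Fresh ephemeral exchange: returns both public values and the shared secret."""
    a = secrets.randbelow(P - 3) + 2          # private value, never sent
    b = secrets.randbelow(P - 3) + 2          # peer's private value, never sent
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    shared = pow(pub_b, a, P)
    assert shared == pow(pub_a, b, P)         # both sides reach the same secret
    return pub_a, pub_b, shared.to_bytes(16, "big")

def rekey(sk_d: bytes, pfs: bool):
    """One rekey. Returns (session_key, wire); wire is what an eavesdropper captures."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    wire = {"ni": ni, "nr": nr}
    if pfs:
        pub_a, pub_b, shared = dh_exchange()
        wire.update(pub_a=pub_a, pub_b=pub_b)
        # PFS on: the key also depends on a secret that is never transmitted.
        return prf(sk_d, shared + ni + nr), wire
    # PFS off: the key depends only on sk_d and values visible on the wire.
    return prf(sk_d, ni + nr), wire

def attacker_recompute(sk_d: bytes, wire: dict) -> bytes:
    """Party holding a leaked sk_d and captured traffic, but no DH private values."""
    return prf(sk_d, wire["ni"] + wire["nr"])

def simulate(pfs: bool, rounds: int = 3):
    """For each rekey, report whether the leaked sk_d is enough to rebuild the key."""
    sk_d = secrets.token_bytes(32)            # long-lived derivation key
    exposed = []
    for _ in range(rounds):
        key, wire = rekey(sk_d, pfs)
        exposed.append(hmac.compare_digest(key, attacker_recompute(sk_d, wire)))
    return exposed

if __name__ == "__main__":
    print("PFS off, keys exposed by one leak:", simulate(False))
    print("PFS on,  keys exposed by one leak:", simulate(True))
```

With PFS off, every session key in the simulation is recoverable from the single leaked value; with PFS on, none is, at the cost of one extra Diffie-Hellman exchange per rekey.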

Creating a security association

A security association (SA) describes a set of parameters for providing secure communications
between two endpoints.

Use the following procedure to create a security association.

1. Select the IPsec tab.

The IPsec Policies screen displays.

2. Select the SA tab.

3. Select Add.

The Add SA dialog box displays.

4. Enter a name for the SA in the SA Name field.

5. Select the IPsec Protocol option.

The choices are ah (for authentication header) and esp (for encapsulated security protocol).

6. Select the Authentication Algorithm option.

7. Select the Encryption Algorithm option.
