Manually creating an sa – Dell POWEREDGE M1000E User Manual

Page 268

Advertising
background image

240

Web Tools Administrator’s Guide

53-1001772-01

IPsec over management ports

17

DRAFT: BROCADE CONFIDENTIAL

Manually creating an SA

Part of manually creating an SA is to select an IPsec Protection Type. The choices are discard,
bypass, and protect:

Discard causes data packets to be rejected if there is an invalid pair of source and destination
addresses or invalid port addresses.

Bypass allows a data packet to be transmitted or received without IPsec protection.

Process indicates a data packet is processed using IPsec encryption, IKE authentication, or
both, using encapsulation security protocol (ESP) processing, or authentication header (AH)
protocol processing.

Use the following procedure to manually create a security association (SA).

1. Select the SA(Manual) tab.

2. Select Add.

The Add Manual-SA dialog box displays.

3. Enter a security parameter index number in the SPI (Hexadecimal) field.

The SPI must be manually applied when manually adding an SA.

4. Enter the IP address of the endpoint that sends the SA in the Source IP Address field.

5. Enter the IP address of the endpoint that receives the SA in the Peer IP Address field.

6. Select the protocol used to carry the transmission using the Protocol Name selector.

7. Select the Traffic Flow Direction (in or out).

IPsec policies are unidirectional, and must be applied separately to inbound and outbound
flows.

-

For the flow from peer to source, select in.

-

For the flow from source to peer select out.

8. Select the IPsec Mode.

The choices are Transport or Tunnel. Refer to

“Transport mode and tunnel mode”

on page 229

if you are unfamiliar with Transport and Tunnel modes.

9. Select the IPsec Protocol.

The choices are ah (for authentication header) and esp (for encapsulated security protocol).

10. Select the IPsec Protection Type option.

11. Select the Authentication Algorithm option.

12. Enter or copy a generated encryption key in the Encryption Key field.

13. Select the Encryption Algorithm.

14. Enter or copy a generated authentication key in the Authentication Key field.

15. Optional: Enter a local and peer tunnel IP address.

16. Click OK.

Advertising
Popular Brands
Popular manuals