HP StorageWorks 4/32 Brocade Web Tools Administrator's Guide v6.3.0 (53-100134 - Page 299
Creating a security association (SA), Peer Public Key filename
View all HP StorageWorks 4/32 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 299 highlights
IPSec over management ports 17 5. Type the identifier of the remote peer switch in Peer Identifier. This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name. 6. Choose the Encryption Algorithm. the choices are 3des_cbc, null_enc, aes128_cbc, and aes256_cbc. 7. Choose the Hash Algorithm. The choices are hmac_md5 and hmac_sha1. 8. Choose the PRF Algorithm. The choices are hmac_md5 and hmac_sha1. 9. Choose the DH Group Number. The choices are 1(modp768), 2(modp1024), and 14(modp2048). 10. Choose the Authentication Method. The choices are psk, dss, and rsasig. 11. If PSK is chosen as the authentication method, type the name of the file that holds the pre-shared key in the Pre-Shared Key filename field. 12. If you are using an X.509 certificate for authentication, type the appropriate file names in the Public Key filename, Private Key filename, and Peer Public Key filename fields in PEM format. 13. Use the PFS selector to turn Perfect Forward Secrecy (PFS) on or off. PFS provides additional security by means of a Diffie-Hellman shared secret value. With PFS, if one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys. Creating a security association (SA) A security association (SA) describes a set of parameters for providing secure communications between two endpoints. 1. Select the IPSec tab. The IPSec Policies screen is displayed. 2. Select the SA tab. 3. Select Add. The Add SA dialog box is displayed (Figure 141). FIGURE 141 Add SA dialog box Web Tools Administrator's Guide 267 53-1001343-01