HP AE370A Brocade Web Tools Administrator's Guide v6.0.0 (53-1000606-01, April - Page 219
Configuring an FCIP interswitch/interfabric link, Configuring an IKE or IPSEC Policy
![]() |
UPC - 882780362611
View all HP AE370A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 219 highlights
Configuring an FCIP interswitch/interfabric link 17 TABLE 12 Field IKE/IPSec Configuration Choices (Continued) Description Choices Diffie-Hellman (D-H) Diffie-Hellman key exchange is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher IKE 1 or 14 IPSec disabled Security Association Lifetime This specifies the lifetime in seconds of the security association and a new key will be renegotiated before this value expires if PFS is on. The security association will expire when either this value or the value lifetime is reached. Specify the number of seconds Configuring an FCIP interswitch/interfabric link Perform the following tasks in the order indicated to configure FCIP interswitch/interfabric link: 1. (Optional) "Configuring an IKE or IPSEC Policy" on page 199. If you are planning to use IPSec, you must configure the policies first. 2. "Configuring Virtual Ports" on page 200. 3. "Interfaces, Routes, and Tunnels" on page 201. Use the wizard to perform the following tasks: a. Defining the IP interfaces of the GbE port. b. Adding IP routes on the GbE port (optional). c. Configuring FCIP tunnels. 4. "Enabling Persistently Disabled Ports" on page 203. Enabling the two VE_ports at this juncture will merge the two fabrics. You must configure and enable both the local and remote switch ports to use the FCIP ISL/IFL. NOTE Admin Domain membership is required to configure IP interfaces, routes, and tunnels. Configuring an IKE or IPSEC Policy Before you begin to create an FCIP interswitch/interfabric link, you need to determine whether to implement an IKE/IPSec policy. Once you begin to create the tunnels with the wizard, you must provide the IKE/IPSec policy information. If you choose not to implement an IKE/IPSec policy, you can always choose No Policy from the drop-down menu in the FCIP tunnel wizard. You must create an IKE policy and an IPSec policy to apply IPSec to an FCIP tunnel. 1. Open the Switch Administration window. 2. Select the Security Policies tab. 3. Click IPSec Policies on the Security Policies menu. Web Tools Administrator's Guide 199 53-1000606-01
![](/manual_guide/products/hewlettpackard-ae370a-brocade-web-tools-administrators-guide-v600-53100060601-2008-3620774/219.png)