Default Settings - Cisco MDS 9000 Series Configuration Manual

Security

Configuring IPSec Network Security
To configure IPsec for the iSCSI scenario shown in Figure 17: iSCSI with End-to-End IPsec, follow these steps:
Procedure
Step 1
Configure the ACLs in Switch MDS A.
sw10.1.1.100# configure terminal
sw10.1.1.100(config)# ip access-list acl1 permit tcp 10.10.1.0 0.0.0.255 range port 3260 3260 12.12.1.0 0.0.0.255
Step 2
Configure the transform set in Switch MDS A.
sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-01 esp-3des esp-md5-hmac
Step 3
Configure the crypto map in Switch MDS A.
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer auto-peer
sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-01
sw10.1.1.100(config-crypto-map-ip)# end
sw10.1.1.100#
Step 4
Bind the interface to the crypto map set in Switch MDS A.
sw10.1.1.100# configure terminal
sw10.1.1.100(config)# int gigabitethernet 7/1
sw10.1.1.100(config-if)# ip address 10.10.1.123 255.255.255.0
sw10.1.1.100(config-if)# crypto map domain ipsec cmap-01
sw10.1.1.100(config-if)# no shut
sw10.1.1.100(config-if)# end
sw10.1.1.100#
You have now configured IPsec in MDS A using the Cisco MDS IPsec and iSCSI features.
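
An audit script for the configuration built in Steps 2 to 4, added here as an example and not taken from the Cisco guide: it follows each interface binding through its crypto map to the transform set and reports the tokens esp-3des and esp-md5-hmac, both legacy algorithms. The names audit, LEGACY and PROMPT and the parsing rules are assumptions of this example.

```python
import re

# Tokens this example treats as legacy (the two used in the transform set above);
# which algorithms to flag is a local policy decision, extend as needed.
LEGACY = {"esp-3des", "esp-md5-hmac"}
PROMPT = re.compile(r"^\S+#\s*")   # strips "sw10.1.1.100(config-if)# " prompts

# Commands copied from Steps 2-4 above.
SAMPLE = """\
sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-01 esp-3des esp-md5-hmac
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer auto-peer
sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-01
sw10.1.1.100(config-crypto-map-ip)# end
sw10.1.1.100# configure terminal
sw10.1.1.100(config)# int gigabitethernet 7/1
sw10.1.1.100(config-if)# crypto map domain ipsec cmap-01
sw10.1.1.100(config-if)# end
"""

def audit(config_text):
    """Return sorted (interface, crypto map, transform set, legacy token) tuples."""
    tsets, maps, binds = {}, {}, []
    cur_map = cur_if = None
    for raw in config_text.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if not w:
            continue
        if w[:4] == ["crypto", "transform-set", "domain", "ipsec"] and len(w) > 5:
            tsets[w[4]] = w[5:]
        elif w[:4] == ["crypto", "map", "domain", "ipsec"] and len(w) >= 6:
            cur_map, cur_if = w[4], None          # map entry: name + sequence
            maps.setdefault(cur_map, set())
        elif w[:4] == ["crypto", "map", "domain", "ipsec"] and len(w) == 5 and cur_if:
            binds.append((cur_if, w[4]))          # binding under an interface
        elif w[:2] == ["set", "transform-set"] and cur_map and len(w) > 2:
            maps[cur_map].update(w[2:])
        elif w[0] in ("int", "interface") and len(w) > 1:
            cur_if, cur_map = " ".join(w[1:]), None
        elif w[0] == "end":
            cur_if = cur_map = None
    return sorted((i, m, t, a) for i, m in binds for t in maps.get(m, ())
                  for a in tsets.get(t, ()) if a in LEGACY)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("legacy algorithm on %s: map=%s transform-set=%s token=%s" % finding)
```

The same function accepts saved configuration text without prompts, since the prompt prefix is stripped only when present.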

Default Settings

The following table lists the default settings for IKE parameters.
Table 15: Default IKE Parameters
Parameters                   Default
IKE                          Disabled.
IKE version                  IKE version 2.
IKE encryption algorithm     3DES.
IKE hash algorithm           SHA.
IKE authentication method    Not configurable (uses preshared keys).
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x