Cisco Systems MDS 9000 Video Gaming Accessories User Manual

Open as PDF

of 520

Send documentation comments to mdsfeedback-doc@cisco.com.

29-9

Cisco MDS 9000 Family Fabric Manager Configuration Guide

OL-6965-03, Cisco MDS SAN-OS Release 2.x

Chapter 29 IPsec and IKE

Modifying IKE and IPsec

To verify that IPsec and IKE are enabled using Fabric Manager, follow these steps:

Step 1 Choose Switches > Security > IPSEC in the Physical Attributes pane. You see the IPsec configuration

in the Information pane.

Step 2 Choose the Control tab and verify that the switches you want to modify for IPsec are enabled in the

Status column.

Step 3 Choose Switches > Security > IKE in the Physical Attributes pane. You see the IKE configuration in

the Information pane.

Step 4 Choose the Control tab and verify that the switches you want to modify for IKE are enabled in the Status

column.

Crypto ACL Guidelines

Follow these guidelines when configuring ACLs for the IPsec feature:

• The permit option causes all IP traffic that matches the specified conditions to be protected by

crypto, using the policy described by the corresponding crypto map entry.

• The deny option prevents traffic from being protected by crypto. The first deny statement causes the

traffic to be in clear text.

• The crypto ACL you define is applied to an interface after you define the corresponding crypto map

entry and apply the crypto map set to the interface.

• Different ACLs must be used in different entries of the same crypto map set.

• Inbound and outbound traffic is evaluated against the same outbound IPsec ACL. Therefore, the

ACL's criteria is applied in the forward direction to traffic exiting your switch, and the reverse

direction to traffic entering your switch.

• In Figure 29-4, IPsec protection is applied to traffic between Host 10.0.0.1 and Host 20.0.0.2 as the

data exits switch A's S0 interface enroute to Host 20.0.0.2. For traffic from Host 10.0.0.1 to Host

20.0.0.2, the ACL entry on switch A is evaluated as follows:

–

source = host 10.0.0.1

–

dest = host 20.0.0.2

For traffic from Host 20.0.0.2 to Host 10.0.0.1, that same ACL entry on switch A is evaluated as

follows:

–

source = host 20.0.0.2

–

dest = host 10.0.0.1

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems MDS 9000 Video Gaming Accessories User Manual