Brocade Web Tools Administrator's Guide - Supporting Fabric OS v7.0.0 (53-1002152-01, March 2012)

IPsec over FCIP
Create a security association (SA).
Create an SA proposal.
Add an IPsec Transform policy, referencing the IKE policy and the SA proposal.
Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow.
Enable the policy.
FCIP Compression
The FCIP tunnel compression mode determines whether IP packets sent over the FCIP tunnel are
compressed. The available modes are None, Moderate, and Auto. FCIP tunnel configuration is
available in Brocade Network Advisor.
Accessing the IPsec Policies dialog box
To access the IPsec Policies dialog box, perform the following steps.
1. Open the Switch Administration window.
2. Select Show Advanced Mode.
3. Select the Security Policies tab.
4. Under Security Policies, select IPsec Policies.
The IPsec Policies window displays. The default view shows the IKE tab.
Establishing an IKE policy for an FCIP tunnel
To establish an IKE policy for an FCIP tunnel, perform the following steps.
1. From the IKE tab of the IPsec Policies screen, select Create.
The Add Policy dialog box displays.
2. Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog boxes.
Make sure the Policy Type is set to IKE.
3. Assign a policy number.
The Policy Number selector allows you to select a number between 1 and 32.
4. Select the Encryption Algorithm used in this policy.
The choices are 3DES, AES-128, and AES-256.
5. Select an Authentication Algorithm for this policy.
The choices are SHA-1, MD5, and AES-XCBC.
6. Turn Perfect Forward Secrecy on or off.
The default is On. Perfect Forward Secrecy (PFS) provides additional security by means of a
Diffie-Hellman shared secret value. With PFS, if one key is compromised, previous and
subsequent keys are secure because they are not derived from previous keys.
7. Select a Diffie-Hellman Group association.
The choices are 1 (modp768) and 14 (modp2048).
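The Perfect Forward Secrecy behavior described in step 6, as an added example that is not part of the original guide and not the switch's IKE implementation: a simplified model comparing keys derived from the previous key with keys taken from a fresh Diffie-Hellman exchange per rekey. The toy 127-bit group and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy group (assumption for this example): a 127-bit Mersenne prime keeps the
# demo short. It is not an IKE group; the guide's choices are groups 1 and 14.
P = 2**127 - 1
G = 3

def kdf(secret: bytes) -> bytes:
    """Derive a 256-bit key from secret material."""
    return hashlib.sha256(secret).digest()

def chained_keys(seed: bytes, count: int) -> list:
    """Without PFS (simplified): each rekey is derived from the previous key."""
    keys = [kdf(seed)]
    while len(keys) < count:
        keys.append(kdf(keys[-1]))
    return keys

def dh_key() -> bytes:
    """With PFS: one fresh Diffie-Hellman exchange per rekey."""
    a = secrets.randbelow(P - 3) + 2           # initiator's ephemeral private value
    b = secrets.randbelow(P - 3) + 2           # responder's ephemeral private value
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)  # public values sent on the wire
    shared = pow(pub_b, a, P)                  # initiator's view of the secret
    assert shared == pow(pub_a, b, P)          # responder computes the same value
    return kdf(shared.to_bytes(16, "big"))     # a and b go out of scope here

def pfs_keys(count: int) -> list:
    """One independent key per rekey, each from its own exchange."""
    return [dh_key() for _ in range(count)]

def exposed_by_leak(keys: list, leaked: int) -> list:
    """Indices of keys recoverable from keys[leaked] alone by re-running kdf."""
    exposed, candidate = [leaked], keys[leaked]
    for i in range(leaked + 1, len(keys)):
        candidate = kdf(candidate)
        if candidate != keys[i]:
            break
        exposed.append(i)
    return exposed

if __name__ == "__main__":
    print("chained:", exposed_by_leak(chained_keys(b"constructed seed", 5), 1))
    print("PFS:    ", exposed_by_leak(pfs_keys(5), 1))
```

In the chained model, leaking key 1 also exposes every later key; with a fresh exchange per rekey, only the leaked key is exposed.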