Brocade Web Tools Administrator's Guide - Supporting Fabric OS v7.0.0 (53-1002152-01, March 2012)
Web Tools Adminstrator’s Guide 209
53-1002152-01
IPsec over management ports
16
Creating a security association
A security association (SA) describes a set of parameters for providing secure communications
between two endpoints.
To create a security association, perform the following steps.
1. Select the IPsec tab.
The IPsec Policies screen displays.
2. Select the SA tab.
3. Select Add.
The Add SA dialog box displays.
4. Enter a name for the SA in the SA Name field.
5. Select the IPsec Protocol. option.
The choices are ah (for authentication header) and esp (for encapsulated security protocol).
6. Select the Authentication Algorithm option.
7. Select the Encryption Algorithm option.
8. Optionally, enter a value in the SPI number field.
A Security Parameter Index (SPI) number is automatically assigned, but may be manually
overridden.
9. Click OK.
Creating an SA proposal
An SA proposal is sent from one endpoint to another to negotiate IKE and IPsec policies. An SA
proposal contains one or more security associations (SA). The endpoints must find a match for
each of the following in the SAs sent in the SA proposal:
• The IKE authentication method.
• The IKE encryption algorithm.
• The IKE hash algorithm.
• The Diffie-Hellman group number.
• The IKE SA lifetime.
• The IP addresses of the endpoints.
• The IPsec protocol (AH or ESP).
• The IPsec Transform policy.
To create an SA proposal, perform the following steps.
1. Select the SA Proposal tab on the IPsec Policies screen.
2. Select Add.
The Add-SA Proposal dialog box displays.
3. Enter a name in the SA Proposal Name field.
4. Enter the SAs in the SA(s) to use field.