Technical data

218 Web Tools Administrator’s Guide
53-1002934-02
IPsec over management ports
IPsec can be applied to the management port on a switch or a CP blade to establish a secure
connection between a PC or workstation and Web Tools. The connection can be used as a virtual
private network (VPN) interface to Web Tools.
At a high level, the steps to take are:
1. Access the Ethernet IPsec Policies dialog box.
2. Enable IPsec.
3. Create an IKE policy for authentication.
4. Create a security association (SA).
5. Create an SA proposal.
6. Add an IPsec Transform policy, referencing the IKE policy and the SA proposal.
7. Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow.
Enabling the Ethernet IPsec policies
To access the Ethernet IPsec Policies dialog box, perform the following steps.
1. Open the Switch Administration window.
2. Select Show Advanced Mode.
3. Select the Security Policies tab.
4. Under Security Policies, select Ethernet IPsec.
The Ethernet IPsec Policies dialog box displays.
5. Click the Enable button below the Ethernet IPsec policies table.
Ethernet IPsec policies can be configured only after IPsec is enabled.
Establishing an IKE policy
When you establish an IKE policy, you identify a set of algorithms and authentication rules and
parameters to use in a key exchange. Refer to the Fabric OS Administrator’s Guide for details on
IKE functionality.
To establish an IKE policy, perform the following steps.
1. Select the IKE tab on the IPsec Policies window for Ethernet IPsec.
The Add IKE Policy dialog box displays.
2. Enter an IKE Policy Name.
3. Enter the IP address of the authentication partner in the Peer IP Address field.
4. Enter the switch’s local identifier in the Local Identifier field.
This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.
5. Enter the identifier of the remote peer switch in Peer Identifier.
This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.
6. Select the Encryption Algorithm option.