Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)
Web Tools Administrator’s Guide 239
53-1001194-01
IPSec Concepts
17
IPSec Concepts
Internet Security Protocol (IPSec) is a set of open standards that provide cryptographic security
services for IP networks. Several protocols are available for providing authentication and secure
transmission of data.
From Web Tools, you can establish IPSec policies for FCIP implementations on7500 extension
switches and FR4-18i blades, and you can establish IPSec policies for IP interfaces that provide
management access to switches and control processors.
There are several protocols and algorithms that can be applied. Choosing the protocols and
algorithms you want to use may be a matter of adapting to an implementation that is already in
place in your LAN, or you may need to do a significant amount of research and planning. The
supported protocols and algorithms are defined and described in the RFCs listed in Table 19.
TABLE 19 Relevant RFCs
RFC Number Title
RFC 4301 Security Architecture for the Internet Protocol
RFC 4302 IP Authentication Header
RFC 4303 IP Encapsulating Security Payload
RFC 4304 Extended Sequence Number (ESN) Addendum
to IPsec Domain of Interpretation (DOI) for
Internet Security Association and Key
Management Protocol (ISAKMP)
RFC 4305 Cryptographic Algorithm Implementation
Requirements for Encapsulating Security
Payload (ESP) and Authentication Header
RFC 4869 Suite B Cryptographic Suites for IPSec
RFC 4309 Using Advanced Encryption Standard (AES)
CCM Mode with IPsec Encapsulating Security
Payload (ESP)
RFC 4306 Internet Key Exchange Version 2 (IKEv2)
Protocol
RF C4307 Cryptographic Algorithms for Internet Key
Exchange Version 2 (IKEv2)
RFC 3971 Secure Neighbor Discovery
RFC 3972 Cryptographically Generated Addresses
RFC 3041 Privacy Extensions for Stateless Address Auto
configuration in IPv6