Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)

IPSec over management ports
5. Type the identifier of the remote peer switch in Peer Identifier. This is normally the IP address
in IPv4 or IPv6 format, but it may also be a DNS name.
6. Choose the Encryption Algorithm. The choices are 3des_cbc, null_enc, aes128_cbc, and
aes256_cbc.
7. Choose the Hash Algorithm. The choices are hmac_md5 and hmac_sha1.
8. Choose the PRF Algorithm. The choices are hmac_md5 and hmac_sha1.
9. Choose the DH Group Number. The choices are 1(modp768), 2(modp1024), and
14(modp2048).
10. Choose the Authentication Method. The choices are psk, dss, and rsasig.
11. If PSK is chosen as the authentication method, type the name of the file that holds the
pre-shared key in the Pre-Shared Key filename field.
12. If you are using an X.509 certificate for authentication, type the names of the PEM-format
files in the Public Key filename, Private Key filename, and Peer Public Key filename fields.
13. Use the PFS selector to turn Perfect Forward Secrecy (PFS) on or off. PFS provides additional
security by means of a Diffie-Hellman shared secret value. With PFS, if one key is
compromised, previous and subsequent keys are secure because they are not derived from
previous keys.
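The choices made in steps 5 through 13 can be reviewed before they are entered. The following Python sketch is an added example, not part of the Brocade guide or of Web Tools: it checks a policy, written as a dictionary, against the listed choices and the conditional file name requirements of steps 11 and 12. The dictionary field names, the weak/acceptable ratings, and the treatment of dss and rsasig as the certificate-based methods are assumptions of this example.

```python
import ipaddress
import re

# Choices are those listed in steps 6-10. The WEAK ratings are this example's
# assumption from general cryptographic guidance, not taken from the guide.
ALLOWED = {"encryption": {"3des_cbc", "null_enc", "aes128_cbc", "aes256_cbc"},
           "hash": {"hmac_md5", "hmac_sha1"}, "prf": {"hmac_md5", "hmac_sha1"},
           "dh_group": {1, 2, 14}, "auth": {"psk", "dss", "rsasig"}}
WEAK = {"encryption": {"null_enc": "no confidentiality", "3des_cbc": "64-bit block cipher"},
        "hash": {"hmac_md5": "MD5-based integrity"}, "prf": {"hmac_md5": "MD5-based PRF"},
        "dh_group": {1: "768-bit MODP group", 2: "1024-bit MODP group"}}
# Hypothetical field names for the three file name fields in step 12.
CERT_FILES = ["public_key_file", "private_key_file", "peer_public_key_file"]
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def valid_peer(peer):
    """Step 5: accept an IPv4 address, an IPv6 address, or a DNS name."""
    try:
        ipaddress.ip_address(peer)
        return True
    except ValueError:
        labels = peer.split(".")
        # An all-numeric last label is a malformed IPv4 address, not a DNS name.
        return (len(peer) <= 253 and not labels[-1].isdigit()
                and all(LABEL.match(label) for label in labels))

def audit_ike_policy(policy):
    """Return (severity, message) findings for one policy dict."""
    out = []
    if not valid_peer(policy.get("peer", "")):
        out.append(("error", "peer identifier is not an IP address or DNS name"))
    for field, allowed in ALLOWED.items():
        value = policy.get(field)
        if value not in allowed:
            out.append(("error", f"{field}: {value!r} is not a listed choice"))
        elif value in WEAK.get(field, {}):
            out.append(("warn", f"{field}: {value} ({WEAK[field][value]})"))
    # Steps 11-12: required key files depend on the authentication method
    # (assumption: dss and rsasig are the certificate-based methods).
    auth = policy.get("auth")
    needed = ["psk_file"] if auth == "psk" else CERT_FILES if auth in ("dss", "rsasig") else []
    out += [("error", f"{name} is required for auth={auth}") for name in needed if not policy.get(name)]
    if not policy.get("pfs"):
        out.append(("warn", "PFS is off"))
    return out

# Constructed sample policy using the weakest listed choices and no PSK file name.
SAMPLE = {"peer": "10.0.0.5", "encryption": "null_enc", "hash": "hmac_md5", "prf": "hmac_sha1",
          "dh_group": 1, "auth": "psk", "psk_file": "", "pfs": False}
```

Calling audit_ike_policy(SAMPLE) returns warnings for null_enc, hmac_md5, DH group 1 and PFS being off, plus an error for the missing pre-shared key file name.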
Creating a security association (SA)
A security association (SA) describes a set of parameters for providing secure communications
between two endpoints.
1. Select the IPSec tab.
The IPSec Policies screen is displayed.
2. Select the SA tab.
3. Select Add.
The Add SA dialog box is displayed (Figure 125).
FIGURE 125 Add SA dialog box