Brocade Web Tools Administrator's Guide v6.2.0 (53-1001194-01, April 2009)

252 Web Tools Administrator’s Guide

53-1001194-01

IPSec over management ports

4. Type a name for the SA in the SA Name field.

5. Choose the IPSec Protocol. The choices are ah (for authentication header) and esp (for

encapsulated security protocol).

6. Choose the Authentication Algorithm. The choices are hmac_md5, hmac_sha1, and AES_xcbc.

7. Choose the Encryption Algorithm. The choices are 3des_cbc, aes_128, and aes_256.

8. Optionally, type an SPI number. An SPI (Security Parameter Index) number is automatically

assigned, but may be manually overridden.

9. Click OK.

Creating an SA proposal

An SA proposal is sent from one endpoint to another to negotiate IKE and IPSec policies. An SA

proposal contains one or more security associations (SA). The endpoints must find a match for

each of the following in the SAs sent in the SA proposal:

• The IKE authentication method.

• The IKE encryption algorithm.

• The IKE hash algorithm.

• The Diffie-Hellman group number.

• The IKE SA lifetime.

• The IP addresses of the endpoints.

• The IPSec protocol (AH or ESP).

• The IPSec Transform policy.

1. Select the SA Proposal tab on the IPSec Policies screen.

2. Select Add.

The Add-SA Proposal dialog box is displayed (Figure 126).

FIGURE 126 Add SA-Proposal dialog box