DCFM Enterprise User Manual (53-1001775-01, June 2010)
398 DCFM Enterprise User Manual
53-1001775-01
Configuring IPSec and IKE policies
16
Configuring IPSec and IKE policies
IPSec and IKE policies are configured from the Security tab. The screens and procedures are
platform-dependent. Figure 158 shows the screen for the 4 Gbps Router, Extension Switch.
Figure 158 shows the screen for the 8 Gbps 16-FC ports, 6-Gbit ports Extension Switch and 8 Gbps
12-FC port, 10 GbE ports, 2-10 GbE ports Extension blade.
1. Optionally, ensure that the peer switches on either end of the connection have known WWNs.
This provides an added measure of security.
2. Assign IKE and IPsec policies. For the 4 Gbps router, Extension switch and blade, you must
choose from a drop-down list of policies. The 8 Gbps router, Extension switch and blade have
predefined IKE and IPsec policies. These policies are enabled by selecting the Enable IPSec
check box. Matching policies are applied to the remote switch. Note that the Enable IPSec
check box is grayed while editing the tunnels because the IPsec settings cannot be edited for
the secured tunnels.
3. In the PreShared Key field, specify the key for IKE authentication. For the 4 Gbps router,
Extension switch and blade, the key is between 12 and 32 alphanumeric characters. The
length required depends on the chosen IKE policy. For the 8Gbps router, Extension switch and
blade, the key must be 32 alphanumeric characters.
F
FIGURE 158 Advanced Settings Security tab for the 4 Gbps Router, Extension Switch and Blade
These policies are used to make the connection more secure through authentication and
encryption. When you select a policy for the local switch, a matching policy is automatically
selected on the remote switch. If no matching policy is found, you must manually configure the
policy on the remote switch.