Brocade Web Tools Administrator's Guide - Supporting Fabric OS v7.0.0 (53-1002152-01, March 2012)
Web Tools Adminstrator’s Guide 207
53-1002152-01
IPsec over management ports
16
8. Set a Security Association Lifetime (in seconds).
The Security Association Lifetime is a time value in seconds. When this timer expires, the
security association (SA) is rekeyed. This limits the amount of time a given key is available to a
potential attacker.
9. Click OK.
Establishing an IPsec policy for an FCIP tunnel
To establish an IPsec policy for an FCIP tunnel, perform the following steps.
1. Select the IPsec tab.
The IPsec Policies window displays.
2. Select Create.
An Add Policy dialog box displays.
3. Policy Type provides a way to toggle between the IKE and IPsec Add Policy dialog boxes.
Make sure the Policy Type is set to IPSEC.
4. Assign a policy number.
The Policy Number selector allows you to select a number between 1 and 32.
5. Select the Encryption Algorithm used in this policy.
The choices are 3DES, AES-128, and AES_256.
6. Select an Authentication Algorithm for this policy.
The choices are SHA-1, MD5, and AES-XCBC. The remaining three fields are grayed out. They
apply only to IKE policies.
7. Cl ick OK.
IPsec over management ports
IPsec can be applied to the management port on a switch or a CP blade to establish a secure
connection between a PC or workstation and Web Tools. The connection can be used as a virtual
private network (VPN) interface to Web Tools.
At a high level, the steps to take are:
• Access the Ethernet IPsec Policies dialog box.
• Enable IPsec.
• Create an IKE policy for authentication.
• Create an security association (SA).
• Create an SA proposal.
• Add a IPsec Transform policy, referencing the IKE policy and the SA proposal.
• Add an IPsec selector that allows you to apply a Transform policy to a specific IP flow.