Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x

Chapter 29

IPsec and IKE

Fabric Manager provides the capability to configure and manage IPsec using IKE.
This chapter includes the following sections:
Configuring IPsec Network Security
Enabling IPsec Using FCIP Wizard
Modifying IKE and IPsec

Configuring IPsec Network Security

IP Security Protocol (IPsec) is a framework of open standards that provides data confidentiality, data
integrity, and data authentication between participating peers. It is developed by the Internet Engineering
Task Force (IETF). IPsec provides these security services at the IP layer. IPsec can be used to protect
one or more data flows between a pair of hosts, between a pair of security gateways, or between a
security gateway and a host. The overall IPsec implementation is per the latest version of RFC 2401.
Cisco SAN-OS IPsec implements RFC 2402 through RFC 2410.

Refer to the following website for further information on the IPsec RFCs:
http://www.ietf.org

IPsec uses the Internet Key Exchange (IKE) protocol to handle protocol and algorithm negotiation and
to generate the encryption and authentication keys to be used by IPsec. While IKE can be used with other
protocols, its initial implementation is with the IPsec protocol. IKE provides authentication of the IPsec
peers, negotiates IPsec security associations, and establishes IPsec keys. IKE uses RFCs 2408, 2409,
and 2410, and additionally implements the draft-ietf-ipsec-ikev2-15.txt draft.

Refer to the following website for further information on the IKE draft:
http://www.ietf.org/

Note: The term IPsec is sometimes used to describe the entire protocol of IPsec data services and IKE security
protocols and is also sometimes used to describe only the data services.

The 14/2-Port Multiprotocol Services Module

The 14/2-port Multiprotocol Services (MPS-14/2) module allows you to use Fibre Channel, FCIP, and
iSCSI features. It integrates seamlessly into the Cisco MDS 9000 Family, and it supports the full range
of features available on other switching modules, including VSANs, security, and traffic management.