Send documentation comments to mdsfeedback-doc@cisco.com.
29-2
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 29 IPsec and IKE
Configuring IPsec Network Security
This module is available for use in any switch in the Cisco MDS 9200 Series or in the Cisco MDS 9500
Series. The 16-port, hot-swappable MPS-14/2 module has 14 Fibre Channel ports (numbered 1 through
14) and two Gigabit Ethernet ports (numbered 1 and 2) that can support FCIP protocol, iSCSI protocol,
or both protocols simultaneously. The MPS-14/2 supports IPsec on the Gigabit Ethernet ports. See the
“Enabling IPsec Using FCIP Wizard” section on page 29-7.
Figure 29-1 shows how the MPS-14/2 module is used in different scenarios.
Figure 29-1 FCIP and iSCSI Scenarios Using MPS-14-2 Modules
IPsec Prerequisites
To use the IPsec feature, you need to perform the following tasks:
•Obtain the ENTERPRISE_PKG license.
•Configure IKE.
Note The IPsec feature inserts new headers in existing packets.
FCFC
FCFC
FCFC
MDS_Switch1
WAN
WAN MDS
iSCSI Servers
IPSec for
securing
FCIP traffic
IPSec for
securing
iSCSI traffic
FC Servers
iSCSI Servers
120481
MDS_Switch 2 MDS_Switch 3
IPsec for securing
traffic between
MDS and router
Nonsecure
connection
Secure
connection