Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 29 IPsec and IKE
Configuring IPsec Network Security
IPsec Compatibility
IPsec features are compatible with the following Cisco MDS hardware running Cisco MDS SAN-OS
Release 2.0 or later:
• MPS-14/2 modules in Cisco MDS 9200 Switches or Cisco MDS 9500 Directors
• Cisco MDS 9216i Switch with the 14/2-Port multiprotocol capability in the integrated supervisor
  module. Refer to the Cisco MDS 9200 Series Hardware Installation Guide for more information on
  the Cisco MDS 9216i Switch.
Note: In both the MPS module and the Cisco MDS 9216i integrated supervisor module, the port numbering
differs for the Fibre Channel and the Gigabit Ethernet ports—the Fibre Channel ports are numbered from
1 through 14 and the Gigabit Ethernet ports are numbered as 1 and 2.
IPsec features are compatible with the following fabric setups:
• Two connected Cisco MDS 9200 switches or Cisco MDS 9500 directors running Cisco MDS
  SAN-OS Release 2.0 or later.
• Cisco MDS 9200 switches or Cisco MDS 9500 directors running Cisco MDS SAN-OS Release 2.0
  or later connected to any Cisco router.
• Cisco MDS 9200 switches or Cisco MDS 9500 directors running Cisco MDS SAN-OS Release 2.0
  or later connected to any Cisco host.
• The following features are not supported in the SAN-OS implementation of the IPsec feature:
  – Authentication header (AH).
  – Transport mode.
  – Security association bundling.
  – Manually configuring security associations.
  – Per host security association option in a crypto map.
  – Security association idle timeout.
  – Dynamic crypto maps.
Note: Any reference to crypto maps in this document refers only to static crypto maps.
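When the peer is a Cisco router, its configuration can be checked against the unsupported-features list above before the tunnel is brought up. The following is an added example, not part of the Cisco guide: the function name, the IOS command patterns it matches, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Feature names come from the unsupported-features list above. The Cisco IOS
# command patterns used to spot them on a router peer are assumptions of this
# example. SA bundling (AH plus ESP in one transform set) surfaces as AH.
UNSUPPORTED = [
    ("Authentication header (AH)",
     re.compile(r"^crypto ipsec transform-set\s+\S+\s+(?:\S+\s+)*?ah-\S+")),
    ("Transport mode", re.compile(r"^mode transport\b")),
    ("Manually configuring security associations",
     re.compile(r"^crypto map\s+\S+\s+\d+\s+ipsec-manual\b")),
    ("Per host security association option in a crypto map",
     re.compile(r"^set security-association level per-host\b")),
    ("Security association idle timeout",
     re.compile(r"^(?:crypto ipsec|set) security-association idle-time\b")),
    ("Dynamic crypto maps",
     re.compile(r"^crypto dynamic-map\b"
                r"|^crypto map\s+\S+\s+\d+\s+ipsec-isakmp\s+dynamic\b")),
]

# Constructed sample of a router peer configuration (not from the guide).
SAMPLE_PEER_CONFIG = """\
crypto ipsec transform-set FCIP-ESP esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec transform-set LEGACY ah-sha-hmac esp-3des
 mode transport
crypto dynamic-map DYN 10
 set transform-set LEGACY
crypto map TO-MDS 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set FCIP-ESP
 set security-association idle-time 600
 match address 101
crypto map TO-MDS 20 ipsec-isakmp dynamic DYN
"""

def lint_peer_config(text):
    """Return (line_number, feature, line) for each unsupported construct."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        for feature, pattern in UNSUPPORTED:
            if pattern.search(line):
                findings.append((number, feature, line))
    return findings

if __name__ == "__main__":
    for number, feature, line in lint_peer_config(SAMPLE_PEER_CONFIG):
        print(f"line {number}: {feature}: {line}")
```

A clean result means only that none of the listed constructs were matched; the transform sets and crypto map entries must still agree with what is configured on the MDS side.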
About IPsec
IPsec provides security for transmission of sensitive information over unprotected networks such as the
Internet. IPsec acts at the network layer, protecting and authenticating IP packets between participating
IPsec devices (peers).
IPsec provides the following network security services. In general, the local security policy dictates the
use of one or more of these services between two participating IPsec switches:
• Data confidentiality—The IPsec sender can encrypt packets before transmitting them across a
  network.
• Data integrity—The IPsec receiver can authenticate packets sent by the IPsec sender to ensure that
  the data has not been altered during transmission.