Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 29 IPsec and IKE
Configuring IPsec Network Security
• Data Encryption Standard (DES) is used to encrypt packet data and implements the mandatory
56-bit DES-CBC. CBC requires an initialization vector (IV) to start encryption. The IV is explicitly
given in the IPsec packet. This is an encryption technology.
• Triple DES (3DES) is a strong form of encryption that allows sensitive information to be transmitted
over untrusted networks. It enables customers to utilize network layer encryption and implements
168-bit encryption. This is an encryption technology.

Note: Cisco SAN-OS images with strong encryption are subject to United States government export
controls, and have a limited distribution. Images to be installed outside the United States require
an export license. Customer orders might be denied or subject to delay due to United States
government regulations. Contact your sales representative or distributor for more information,
or send e-mail to export@cisco.com.

• Message Digest 5 (MD5) is a hash algorithm with the HMAC variant. HMAC is a keyed hash variant
used to authenticate data. This is an authentication technology.
• Secure Hash Algorithm (SHA-1) is a hash algorithm with the Hash Message Authentication Code
(HMAC) variant. This is an authentication technology.
• AES-XCBC-MAC is a Message Authentication Code (MAC) using the AES algorithm. This is an
authentication technology.
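
The following Python sketch is an added example, not taken from the Cisco guide or from SAN-OS. It shows how the HMAC-MD5 and HMAC-SHA-1 transforms authenticate a packet that carries an explicit CBC IV, so that a change to the IV or the ciphertext is rejected. Assumptions: a simplified ESP-style layout (SPI, sequence number, IV, ciphertext, ICV), the 96-bit ICV truncation defined in RFC 2403 and RFC 2404, opaque constructed bytes in place of real DES ciphertext, and hypothetical function names.

```python
import hmac
import struct

ICV_LEN = 12  # assumption: 96-bit truncated HMAC output (RFC 2403 / RFC 2404)
IV_LEN = 8    # DES and 3DES have a 64-bit block, so the explicit CBC IV is 8 bytes


def icv(auth_key, data, digest="sha1"):
    """Keyed hash over the data, truncated to the ICV length."""
    return hmac.new(auth_key, data, digest).digest()[:ICV_LEN]


def build_esp(spi, seq, iv, ciphertext, auth_key, digest="sha1"):
    """Return SPI | sequence number | explicit IV | ciphertext | ICV."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 8 bytes for DES/3DES-CBC")
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + icv(auth_key, body, digest)  # the ICV covers the IV as well


def verify_esp(packet, auth_key, digest="sha1"):
    """Check the ICV; return (spi, seq, iv, ciphertext) or raise ValueError."""
    if len(packet) < 8 + IV_LEN + ICV_LEN:
        raise ValueError("packet too short")
    body, received = packet[:-ICV_LEN], packet[-ICV_LEN:]
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    if not hmac.compare_digest(received, icv(auth_key, body, digest)):
        raise ValueError("ICV mismatch: packet altered or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    return spi, seq, body[8:8 + IV_LEN], body[8 + IV_LEN:]


def is_authentic(packet, auth_key, digest="sha1"):
    try:
        verify_esp(packet, auth_key, digest)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = bytes(range(20))                   # constructed 160-bit HMAC key
    iv = bytes.fromhex("0102030405060708")   # constructed IV
    ct = bytes.fromhex("aa" * 16)            # constructed stand-in for ciphertext
    pkt = build_esp(0x1000, 1, iv, ct, key)
    bad = bytearray(pkt)
    bad[8] ^= 0x01                           # flip one bit of the explicit IV
    print(is_authentic(pkt, key), is_authentic(bytes(bad), key))
```

Because the IV travels in the clear, the integrity check is what detects a modified IV; encryption alone does not.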
Supported IKE Transforms and Algorithms
The component technologies implemented for IKE include the following transforms:
• Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a
shared secret over an unsecure communications channel. Diffie-Hellman is used within IKE to
establish session keys. Group 1 (768-bit), Group 2 (1024-bit), and Group 5 (1536-bit) groups are
supported.
• Advanced Encryption Standard (AES) is an encryption algorithm. It implements 128-bit encryption
using either Cipher Block Chaining (CBC) or counter mode. This is an encryption technology.
• Data Encryption Standard (DES) is used to encrypt packet data and implements the mandatory
56-bit DES-CBC. CBC requires an initialization vector (IV) to start encryption. The IV is explicitly
given in the IPsec packet. This is an encryption technology.
• Triple DES (3DES) is a strong form of encryption that allows sensitive information to be transmitted
over untrusted networks. It enables customers to utilize network layer encryption and implements
168-bit encryption. This is an encryption technology.

Note: Cisco SAN-OS images with strong encryption are subject to United States government export
controls, and have a limited distribution. Images to be installed outside the United States require
an export license. Customer orders might be denied or subject to delay due to United States
government regulations. Contact your sales representative or distributor for more information,
or send e-mail to export@cisco.com.

• Message Digest 5 (MD5) is a hash algorithm with the HMAC variant. HMAC is a keyed hash variant
used to authenticate data. This is an authentication technology.
• Secure Hash Algorithm (SHA-1) is a hash algorithm with the Hash Message Authentication Code
(HMAC) variant. This is an authentication technology.