Send documentation comments to mdsfeedback-doc@cisco.com.
29-7
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 29 IPsec and IKE
Enabling IPsec Using FCIP Wizard
The switch authentication algorithm uses the preshared keys based on the IP address.

Supported Algorithms for Windows and Linux Platforms

Table 29-1 lists the supported and verified settings for IPSec and IKE encryption authentication
algorithms on the Microsoft Windows and Linux platforms.

Enabling IPsec Using FCIP Wizard

Fabric Manager simplifies the configuration of IPsec and IKE by enabling and configuring these features
as part of the FCIP configuration using the FCIP Wizard. See the “Using the FCIP Wizard” section on
page 19-5.
To enable IPsec using Fabric Manager, follow these steps:
Step 1 Open the FCIP Wizard by clicking its icon in the Fabric Manager toolbar. Figure 29-2 shows the FCIP
Wizard icon.
Figure 29-2 FCIP Wizard
Step 2 Choose the switches that act as endpoints for the FCIP link and click Next.
Note These switches must have MPS-14/2 modules installed to configure IPsec on this FCIP link.
Step 3 Choose the Gigabit Ethernet ports on each MPS-14/2 module that will form the FCIP link.
Step 4 Check the Enforce IPSEC Security check box and set Ike Auth Key as shown in Figure 29-3.
Table 29-1 Supported Algorithms for Windows and Linux Platforms
Platform IKE IPsec
Microsoft iSCSI initiator, Microsoft IPSec
implementation on Microsoft Windows 2000 platform
3DES, SHA-1 or MD5,
DH group 2
3DES,
SHA-1
Cisco iSCSI initiator,
Free Swan IPSec implementation on Linux platform
3DES, MD5, DH group 1 3DES,
MD5