Send documentation comments to mdsfeedback-doc@cisco.com.
29-16
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 29 IPsec and IKE
Modifying IKE and IPsec
To create or modify crypto map entries using Fabric Manager, follow these steps:
Step 1 Choose Switches > Security > IPSEC in the Physical Attributes pane. You see the IPSEC configuration
in the Information pane.
Step 2 Choose the CryptoMap Set Entry tab. You see the existing crypto maps configured.
Step 3 Optionally, click Create Row to create a new crypto map entry. You see the Create Crypto Map dialog
box.
Step 4 Select the switch you want to configure or modify. If you are creating a new crypto map, set the setName
and priority for this crypto map.
Step 5 Set the IP-ACL and TransformSetIdList for this crypto map.
Step 6 Optionally, check the AutoPeer check box or set the Peer address if you are creating a new crypto map.
See the “The AutoPeer Option” section on page 29-14.
Step 7 Choose the appropriate PFS radio button. See the “Perfect Forwarding Secrecy” section on page 29-15.
Step 8 Set the Lifetime and LifeSize. See the “SA Lifetime Negotiation” section on page 29-15.
Step 9 Optionally, click Create if you are creating a new crypto map, or click the Apply Changes icon if you
are modifying an existing crypto map.

Applying a Crypto Map Set to an Interface

You need to apply a crypto map set to each interface through which IPsec traffic will flow. Applying the
crypto map set to an interface instructs the switch to evaluate all the interface's traffic against the crypto
map set and to use the specified policy during connection or SA negotiation on behalf of traffic to be
protected by crypto.
You can apply only one crypto map set to an interface. You can apply the same crypto map to multiple
interfaces. However, you cannot apply more than one crypto map set to each interface.
To apply a crypto map set to an interface using Fabric Manager, follow these steps:
Step 1 Choose Switches > Security > IPSEC in the Physical Attributes pane. You see the IPSEC configuration
in the Information pane.
Step 2 Choose the Interfaces tab. You see the existing interface to crypto map configuration.
Step 3 Optionally, click Create Row to create a apply a crypto map to an interface. You see the Interfaces
Create dialog box.
Step 4 Select the switch and interface you want to configure.
Step 5 Select the CryptomapSetName to the name of the crypto map you want to apply to this interface.
Step 6 Click Create to apply the crypto map to the selected interface or click Close to exit the dialog box
without applying the crypto map.