Ipsec Prerequisites; Using Ipsec - Cisco MDS 9000 Series Configuration Manual

IPsec Prerequisites

• Allows you to refresh IPsec SAs.
• Allows IPsec to provide anti-replay services.
• Supports a manageable, scalable IPsec configuration.
• Allows dynamic authentication of peers.
Note IKE is not supported on the Cisco Fabric Switch for HP c-Class BladeSystem and the Cisco Fabric Switch
for IBM BladeSystem.
IPsec Prerequisites
To use the IPsec feature, you need to perform the following tasks:
• Obtain the ENTERPRISE_PKG license (see the Cisco MDS 9000 Family NX-OS Licensing Guide).
• Configure IKE as described in the

Using IPsec

To use the IPsec feature, follow these steps:
Procedure
Step 1 Obtain the ENTERPRISE_PKG license to enable IPsec for iSCSI and to enable IPsec for FCIP. See the Cisco
MDS 9000 Family NX-OS Licensing Guide for more information.
Step 2 Configure IKE as described in the
Example
Note
The IPsec feature inserts new headers in existing packets (see the Cisco MDS 9000 Family NX-OS
IP Services Configuration Guide for more information).
This section contains the following topics:
IPsec Compatibility
IPsec features are compatible with the following Cisco MDS 9000 Family hardware:
• Cisco 18/4-port Multi-Service Module (MSM-18/4) modules.
• Cisco MDS 9250i Multiservice Fabric Switches.
• Cisco MDS 24/10 port SAN Extension Module on Cisco MDS 9700 Series Switches.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
170
About IKE Initialization, on page 176
Manually Configuring IPsec and IKE, on page 176
Configuring IPSec Network Security
section.
section.