Sample Fcip Configuration - Cisco MDS 9000 Series Configuration Manual

Sample FCIP Configuration

Figure 16: IP Security Usage in an FCIP Scenario, on page 204 focuses on implementing IPsec for one FCIP link (Tunnel 2). Tunnel 2 carries encrypted data between MDS A and MDS C.
Figure 16: IP Security Usage in an FCIP Scenario
To configure IPsec for the FCIP scenario shown in Figure 16: IP Security Usage in an FCIP Scenario, on page 204, follow these steps:
Procedure
Step 1
Enable IKE and IPsec in Switch MDS A.
sw10.1.1.100# configure terminal
sw10.1.1.100(config)# feature crypto ike
sw10.1.1.100(config)# feature crypto ipsec
Step 2
Configure IKE in Switch MDS A.
sw10.1.1.100(config)# crypto ike domain ipsec
sw10.1.1.100(config-ike-ipsec)# key ctct address 10.10.100.232
sw10.1.1.100(config-ike-ipsec)# policy 1
sw10.1.1.100(config-ike-ipsec-policy)# encryption 3des
sw10.1.1.100(config-ike-ipsec-policy)# hash md5
sw10.1.1.100(config-ike-ipsec-policy)# end
sw10.1.1.100#
Step 3
Configure the ACLs in Switch MDS A.
sw10.1.1.100# configure terminal
sw10.1.1.100(config)# ip access-list acl1 permit tcp 10.10.100.231 0.0.0.0 10.10.100.232 0.0.0.0
Step 4
Configure the transform set in Switch MDS A.
sw10.1.1.100(config)# crypto transform-set domain ipsec tfs-02 esp-aes 128 esp-sha1-hmac
Step 5
Configure the crypto map in Switch MDS A.
sw10.1.1.100(config)# crypto map domain ipsec cmap-01 1
sw10.1.1.100(config-crypto-map-ip)# match address acl1
sw10.1.1.100(config-crypto-map-ip)# set peer 10.10.100.232
sw10.1.1.100(config-crypto-map-ip)# set transform-set tfs-02
sw10.1.1.100(config-crypto-map-ip)# set security-association lifetime seconds 3600
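The following Python check is an added example, not part of the Cisco guide. It reads the MDS A commands from Steps 2 through 5 (prompts stripped), confirms that the crypto map's ACL, peer and transform set are all defined, and flags legacy IKE algorithms. The audit function, its finding strings and the LEGACY policy set are assumptions of this example, and it handles a single crypto map with a host-to-host ACL as in this sample.

```python
import re

# Commands from Steps 2-5 for MDS A, prompts stripped (taken from the page).
MDS_A = """\
crypto ike domain ipsec
key ctct address 10.10.100.232
policy 1
encryption 3des
hash md5
ip access-list acl1 permit tcp 10.10.100.231 0.0.0.0 10.10.100.232 0.0.0.0
crypto transform-set domain ipsec tfs-02 esp-aes 128 esp-sha1-hmac
crypto map domain ipsec cmap-01 1
match address acl1
set peer 10.10.100.232
set transform-set tfs-02
set security-association lifetime seconds 3600
"""

LEGACY = {"encryption": {"des", "3des"}, "hash": {"md5"}}  # assumed review policy

def audit(config):
    """Return a list of findings for one switch's IPsec/FCIP command set."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    ike_peers = set(re.findall(r"^key \S+ address (\S+)$", text, re.M))
    acls = {m[0]: m[1] for m in re.findall(  # ACL name -> destination host
        r"^ip access-list (\S+) permit \S+ \S+ \S+ (\S+) \S+$", text, re.M)}
    tsets = set(re.findall(r"^crypto transform-set domain ipsec (\S+) ", text, re.M))
    findings = []
    for kw, bad in LEGACY.items():
        for val in re.findall(rf"^{kw} (\S+)$", text, re.M):
            if val in bad:
                findings.append(f"IKE policy uses legacy {kw} {val}")
    peer = re.search(r"^set peer (\S+)$", text, re.M)
    acl = re.search(r"^match address (\S+)$", text, re.M)
    tset = re.search(r"^set transform-set (\S+)$", text, re.M)
    if not peer or peer.group(1) not in ike_peers:
        findings.append("crypto map peer has no IKE pre-shared key")
    if not acl or acl.group(1) not in acls:
        findings.append("crypto map references an undefined ACL")
    elif peer and acls[acl.group(1)] != peer.group(1):
        findings.append("ACL destination does not match the crypto map peer")
    if not tset or tset.group(1) not in tsets:
        findings.append("crypto map references an undefined transform set")
    return findings

if __name__ == "__main__":
    for f in audit(MDS_A):
        print(f)
```

Run against the sample as written, the cross-references all resolve and the only findings are the 3des and md5 choices in the IKE policy.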
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Configuring IPSec Network Security
