Sample Iscsi Configuration - Cisco MDS 9000 Series Configuration Manual

Sample iSCSI Configuration

sw10.1.1.100# show crypto ike domain ipsec sa
Tunn Local Addr
-------------------------------------------------------------------------------
1 10.10.100.231[500]
You have now configured IPsec in both switches MDS A and MDS C.
Sample iSCSI Configuration
Figure 17: iSCSI with End-to-End Ipsec, on page 208
hosts in subnet 12.12.1/24. Using the auto-peer option, when any host from the subnet 12.12.1.0/24 tries to
connect to the MDS switch's Gigabit Ethernet port 7/1, an SA is created between the hosts and the MDS
switch. With auto-peer, only one crypto map is necessary to create SAs for all the hosts in the same subnet.
Without auto-peer, you need one crypto map entry per host.
Figure 17: iSCSI with End-to-End Ipsec
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
208
protected network:
local ident (addr/mask): (10.10.100.231/255.255.255.255)
remote ident (addr/mask): (10.10.100.232/255.255.255.255)
current_peer: 10.10.100.232
local crypto endpt.: 10.10.100.231, remote crypto endpt.: 10.10.100.232
mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
current outbound spi: 0x900b01e (151040030), index: 10
lifetimes in seconds:: 3600
lifetimes in bytes:: 3221225472000
current inbound spi: 0x38fe700e (956198926), index: 13
lifetimes in seconds:: 3600
lifetimes in bytes:: 3221225472000
Remote Addr
10.10.100.232[500]
Configuring IPSec Network Security
Encr Hash Auth Method
3des md5 preshared key
focuses on the iSCSI session between MDS A and the
Lifetime
86300