Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual page 946
Cisco mds 9000 family cli configuration guide - release 4.x (ol-18084-01, february 2009)
Hide thumbs
Also See for AP776A - Nexus Converged Network Switch 5020:
- Command reference manual (1640 pages) ,
- Configuration manual (1486 pages) ,
- Reference (886 pages)
Table of Contents
Advertisement
Sample FCIP Configuration
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
#
#
63:
sw11.1.1.100# show crypto sad domain ipsec
interface: GigabitEthernet1/2
sw11.1.1.100# show crypto transform-set domain ipsec
Transform set: tfs-02 {esp-aes 128 esp-sha1-hmac}
sw11.1.1.100# show crypto ike domain ipsec
keepalive 3600
sw11.1.1.100# show crypto ike domain ipsec key
key ctct address 10.10.100.231
sw11.1.1.100# show crypto ike domain ipsec policy
Priority 1, auth pre-shared, lifetime 86300 secs, encryption 3des, hash md5, DH
group 1
sw11.1.1.100# show crypto ike domain ipsec sa
Tunn
----------------------------------------------------------------------------------------
1*
-----------------------------------------------------------------------------------------
NOTE: tunnel id ended with * indicates an IKEv1 tunnel
Verify the configuration in Switch MDS A.
Step 17
sw10.1.1.100# show crypto sad domain ipsec
interface: GigabitEthernet7/1
sw10.1.1.100# show crypto ike domain ipsec sa
Tunn Local Addr
-------------------------------------------------------------------------------
1 10.10.100.231[500]
Cisco MDS 9000 Family CLI Configuration Guide
37-38
2:
permit ip 10.10.100.232 255.255.255.255 10.10.100.231 255.255.255.255
deny
ip any any
Crypto map tag: cmap-01, local addr. 10.10.100.232
protected network:
local
ident (addr/mask): (10.10.100.232/255.255.255.255)
remote
ident (addr/mask): (10.10.100.231/255.255.255.255)
current_peer: 10.10.100.231
local crypto endpt.: 10.10.100.232, remote crypto endpt.: 10.10.100.231
mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
current outbound spi: 0x38f96001 (955867137), index: 29
lifetimes in seconds:: 120
lifetimes in bytes:: 3221225472000
current inbound spi: 0x900b011 (151040017), index: 16
lifetimes in seconds:: 120
lifetimes in bytes:: 3221225472000
will negotiate {tunnel}
Local Addr
10.10.100.232[500]
Crypto map tag: cmap-01, local addr. 10.10.100.231
protected network:
local
ident (addr/mask): (10.10.100.231/255.255.255.255)
remote
ident (addr/mask): (10.10.100.232/255.255.255.255)
current_peer: 10.10.100.232
local crypto endpt.: 10.10.100.231, remote crypto endpt.: 10.10.100.232
mode: tunnel, crypto algo: esp-3des, auth algo: esp-md5-hmac
current outbound spi: 0x900b01e (151040030), index: 10
lifetimes in seconds:: 120
lifetimes in bytes:: 3221225472000
current inbound spi: 0x38fe700e (956198926), index: 13
lifetimes in seconds:: 120
lifetimes in bytes:: 3221225472000
Remote Addr
10.10.100.232[500]
Remote Addr
Encr
10.10.100.231[500]
3des
Encr
3des
Chapter 37
Configuring IPsec Network Security
Hash
Auth Method
md5
preshared key
Hash
Auth Method
Lifetime
md5
preshared key
OL-18084-01, Cisco MDS NX-OS Release 4.x
Lifetime
86300
86300
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
