Configuring ike settings, Defining the ike configuration – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
Page 388
374
Brocade Mobility RFS7000-GR Controller System Reference Guide
53-1001944-01
Configuring IKE settings
6
Configuring IKE settings
IKE (also known as ISAKMP) is the negotiation protocol enabling two hosts to agree on how to build
an IPSec security association. To configure the security appliance for virtual private networks, set
global IKE parameters that apply system wide and define IKE policies peers negotiate to establish
a VPN tunnel.
IKE protocol is an IPSec standard protocol used to ensure security for VPN negotiation, and remote
host or network access. IKE provides an automatic means of negotiation and authentication for
communication between two or more parties. IKE manages IPSec keys automatically.
The IKE configuration is defined by the following:
•
Defining the IKE configuration
•
•
NOTE
By default, the IKE feature is enabled. Brocade does not support disabling the IKE server.
NOTE
The default isakmp policy will not be picked up for IKE negotiation if another crypto isakmp policy is
created. For the default isakmp policy to be picked up for AAP adoption you must first create the
default isakmp policy as a new policy with default parameters. This needs to be done if multiple
crypto isakmp policies are needed in the switch configuration.
Defining the IKE configuration
Refer to the Configuration tab to enable (or disable) IKE and define the IKE identity (for exchanging
identities).
Use IKE to specify IPSec tunnel attributes for an IPSec peer and initiate an IKE negotiation with the
tunnel attributes. This feature is best implemented in a crypto hub scenario. This scenario is
scalable since the keys are kept at a central repository (the RADIUS server) and more than one
switch and application can use the information.
To view the current set of IKE configurations: