Viewing ipsec security associations – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Brocade Mobility RFS7000-GR Controller System Reference Guide

401

53-1001944-01

Configuring IPSec VPN

6

1. Select Security > IPSec VPN from the main menu tree.

2. Click the Crypto Maps tab and select Interfaces.

3. Refer to the following read-only information displayed within the Interfaces tab.

4. Click the Assign Interface button to assign a Crypto Map to each interface through which IPSec

traffic flows.

Assigning the Crypto Map set to an interface instructs the security appliance to evaluate all the
traffic against the Crypto Map set and use the specified policy during connection or SA
negotiation. Assigning a Crypto Map to an interface also initializes run-time data structures
(such as the SA database and the security policy database). Reassigning a modified Crypto
Map to the interface resynchronizes the run-time data structures with the Crypto Map
configuration. Also, adding new peers through the new sequence numbers and reassigning the
Crypto Map does not break existing connections.

Viewing IPSec security associations

Refer to the IPSec SAs tab to review the various security associations (SAs) between the local and
remote peers comprising an IPSec VPN connection. The IPSec SA tab displays the authentication
and encryption schemes used between the VPN peers as well other device address information.

To display IPSec VPN security associations:

Name

Lists the name of the Crypto Maps available for the interface.

Interface Name

Displays the name of the interface through which IPSec traffic flows. Applying the
Crypto Map set to an interface instructs the switch to evaluate all the interface's
traffic against the Crypto Map set and to use the specified policy during connection
or security association negotiation on behalf of traffic protected by crypto (either
CET or IPSec).