beautypg.com

Establishing an ike policy, Creating a security association – Dell POWEREDGE M1000E User Manual

Page 223

background image

Web Tools Administrator’s Guide

195

53-1002756-01

IPsec over management ports

15

1. Open the Switch Administration window.

2. Select Show Advanced Mode.

3. Select the Security Policies tab.

4. Under Security Policies, select Ethernet IPsec.

The Ethernet IPsec Policies screen displays.

5. Ethernet IPsec policies can be configured only after enabling IPsec by clicking the Enable

button below the Ethernet IPsec policies table.

Establishing an IKE policy

When you establish an IKE policy, you identify a set of algorithms and authentication rules and
parameters to use in a key exchange. Refer to the Fabric OS Administrator’s Guide for details on
IKE functionality.

To establish an IKE policy, perform the following steps.

1. Select the IKE tab on the IPsec Policies window for Ethernet IPsec.

The Add IKE Policy dialog box displays.

2. Enter an IKE Policy Name.

3. Enter the IP address of the authentication partner in the Peer IP Address field.

4. Enter the switch’s local identifier in the Local Identifier field.

This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.

5. Enter the identifier of the remote peer switch in Peer Identifier.

This is normally the IP address in IPv4 or IPv6 format, but it may also be a DNS name.

6. Select the Encryption Algorithm option.

7. Select the Hash Algorithm option.

8. Select the PRF Algorithm option.

9. Select the DH Group Number option.

10. Select the Authentication Method option.

11. If PSK is chosen as the authentication method, enter the name of the file that holds the

pre-shared key in the Pre-Shared Key filename field.

12. If you are using an X.509 certificate for authentication, enter the appropriate file names in the

Public Key filename, Private Key filename, and Peer Public Key filename fields in PEM format.

13. Use the PFS selector to turn Perfect Forward Secrecy (PFS) on or off.

PFS provides additional security by means of a Diffie-Hellman shared secret value. With PFS, if
one key is compromised, previous and subsequent keys are secure because they are not
derived from previous keys.

Creating a security association

A security association (SA) describes a set of parameters for providing secure communications
between two endpoints.