Send documentation comments to mdsfeedback-doc@cisco.com
Troubleshooting IPsec
This chapter describes how to troubleshoot IP security (IPsec) and Internet Key Exchange (IKE)
encryption in the Cisco MDS 9000 Family. It includes the following sections:
• Overview
• Initial Troubleshooting Checklist
• IPsec Issues
Overview
The IPsec protocol is a framework of open standards that provides data confidentiality, data integrity,
and data authentication between participating peers. It was developed by the Internet Engineering Task
Force (IETF). IPsec provides security services at the IP layer, including protecting one or more data
flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a
host. IPsec is supported for iSCSI and FCIP using IKE and Encapsulating Security Payload (ESP) in
tunnel mode.
This section contains the following topics:
• IPsec Compatibility
• Supported IPsec and IKE Algorithms for Microsoft Windows and Linux Platforms
• IKE Allowed Transforms
• IPsec Allowed Transforms
IPsec Compatibility
IPsec features are compatible with the following Cisco MDS 9000 Family hardware:
• Cisco 14/2-port Multiprotocol Services (MPS-14/2) modules in Cisco MDS 9200 switches or Cisco
MDS 9500 directors
• Cisco MDS 9216i Switch with the MPS-14/2 capability in the integrated supervisor module. Refer
to the Cisco MDS 9200 Series Hardware Installation Guide for more information on the Cisco MDS
9216i Switch.
• The IPsec feature is not supported on the management interface.
OL-9285-05
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
Chapter 22