Troubleshooting Guide
Page 449
...(IPsec) and Internet Key Exchange (IKE) encryption in the Cisco MDS 9000 Family. It was developed by the Internet Engineering Task Force (IETF). IPsec provides security services at the IP layer, including protecting one or more information on the management interface. OL-9285...-05 Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x 22-1 Send documentation comments to mdsfeedback-doc@cisco.com 22 C H A P T E R Troubleshooting IPsec This...
...(IPsec) and Internet Key Exchange (IKE) encryption in the Cisco MDS 9000 Family. It was developed by the Internet Engineering Task Force (IETF). IPsec provides security services at the IP layer, including protecting one or more information on the management interface. OL-9285...-05 Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x 22-1 Send documentation comments to mdsfeedback-doc@cisco.com 22 C H A P T E R Troubleshooting IPsec This...
Troubleshooting Guide
Page 458
...initializing) () Using Profile id 1 (interface GigabitEthernet7/1) Peer Information Peer Internet address is 10.10.100.232 and port is 3225 FCIP tunnel is protected by IPSec Write acceleration mode is off Auto-Negotiation is turned on 5 minutes input rate 7528 bits/sec, 941 bytes/sec, 8 frames/sec 5...correct. Issue the no shutdown command if necessary. IPsec Issues Chapter 22 Troubleshooting IPsec Send documentation comments to mdsfeedback-doc@cisco.com Step 1 Issue the show interface gigabitethernet command on both switches. Verify that each interface is turned off 22-10...
...initializing) () Using Profile id 1 (interface GigabitEthernet7/1) Peer Information Peer Internet address is 10.10.100.232 and port is 3225 FCIP tunnel is protected by IPSec Write acceleration mode is off Auto-Negotiation is turned on 5 minutes input rate 7528 bits/sec, 941 bytes/sec, 8 frames/sec 5...correct. Issue the no shutdown command if necessary. IPsec Issues Chapter 22 Troubleshooting IPsec Send documentation comments to mdsfeedback-doc@cisco.com Step 1 Issue the show interface gigabitethernet command on both switches. Verify that each interface is turned off 22-10...
Troubleshooting Guide
Page 459
Chapter 22 Troubleshooting IPsec IPsec Issues Send documentation comments to mdsfeedback-doc@cisco.com Tape acceleration mode is off Tape Accelerator flow control buffer size is automatic IP Compression is disabled Special Frame is disabled Maximum ...Trunk vsans (initializing) () Using Profile id 1 (interface GigabitEthernet1/2) Peer Information Peer Internet address is 10.10.100.231 and port is 3225 FCIP tunnel is protected by IPSec Write acceleration mode is off Tape acceleration mode is off Tape Accelerator flow control buffer size is automatic IP Compression is disabled Special...
Chapter 22 Troubleshooting IPsec IPsec Issues Send documentation comments to mdsfeedback-doc@cisco.com Tape acceleration mode is off Tape Accelerator flow control buffer size is automatic IP Compression is disabled Special Frame is disabled Maximum ...Trunk vsans (initializing) () Using Profile id 1 (interface GigabitEthernet1/2) Peer Information Peer Internet address is 10.10.100.231 and port is 3225 FCIP tunnel is protected by IPSec Write acceleration mode is off Tape acceleration mode is off Tape Accelerator flow control buffer size is automatic IP Compression is disabled Special...
Troubleshooting Guide
Page 460
... security associations (SAs), follow : MDSA# show crypto sad domain ipsec interface:GigabitEthernet7/1 Crypto map tag:cmap-01, local addr. 10.10.100.231 protected network: local ident (addr/mask):(10.10.100.231/255.255.255.255) remote ident (addr/mask):(10.10.100.232/255.255.255.255...current inbound spi:0x38147002 (940863490), index:1 lifetimes in seconds::3600 lifetimes in bytes::483183820800 MDSC# show crypto sad domain ipsec command to mdsfeedback-doc@cisco.com 2 Active TCP connections Control connection:Local 10.10.100.232:65492, Remote 10.10.100.231:3225 Data connection:Local 10.10.100....
... security associations (SAs), follow : MDSA# show crypto sad domain ipsec interface:GigabitEthernet7/1 Crypto map tag:cmap-01, local addr. 10.10.100.231 protected network: local ident (addr/mask):(10.10.100.231/255.255.255.255) remote ident (addr/mask):(10.10.100.232/255.255.255.255...current inbound spi:0x38147002 (940863490), index:1 lifetimes in seconds::3600 lifetimes in bytes::483183820800 MDSC# show crypto sad domain ipsec command to mdsfeedback-doc@cisco.com 2 Active TCP connections Control connection:Local 10.10.100.232:65492, Remote 10.10.100.231:3225 Data connection:Local 10.10.100....
Troubleshooting Guide
Page 476
... the switch. 2. Generate a certificate request in a repository. Overview Chapter 24 Troubleshooting Digital Certificates Send documentation comments to mdsfeedback-doc@cisco.com RSA Key Pairs and Identity Certificates You can generate one or both of these methods to verify that the peer certificate has ... trust point. 3. The switch uses one or more RSA key pairs and associate each trusted CA. The information in the password-protected PKCS#12 standard format. The complete identity information in a trust point can be not revoked if no other revocation checking methods are...
... the switch. 2. Generate a certificate request in a repository. Overview Chapter 24 Troubleshooting Digital Certificates Send documentation comments to mdsfeedback-doc@cisco.com RSA Key Pairs and Identity Certificates You can generate one or both of these methods to verify that the peer certificate has ... trust point. 3. The switch uses one or more RSA key pairs and associate each trusted CA. The information in the password-protected PKCS#12 standard format. The complete identity information in a trust point can be not revoked if no other revocation checking methods are...