EasyManuals Logo
Home>Cisco>Switch>MDS 9000 Series

Cisco MDS 9000 Series User Manual

Cisco MDS 9000 Series
16 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #6 background imageLoading...
Page #6 background image
Send documentation comments to mdsfeedback-doc@cisco.com
22-6
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 22 Troubleshooting IPsec
IPsec Issues
Security Associations Do Not Re-Key, page 22-15
Clearing Security Associations, page 22-15
Debugging the IPsec Process, page 22-15
Debugging the IKE Process, page 22-15
Obtaining Statistics from the IPsec Process, page 22-15
Verifying IKE Configuration Compatibility
To verify the compatibility of the IKE configurations of MDS A and MDS C shown in Figure 22-1,
follow these steps:
Step 1 Ensure that the preshared keys are identical on each switch. Use the show crypto ike domain ipsec key
CLI command on both switches. Command outputs for the configuration shown in Figure 22-1 follow:
MDSA# show crypto ike domain ipsec key
key ctct address 10.10.100.232
MDSC# show crypto ike domain ipsec key
key ctct address 10.10.100.231
Step 2 Ensure that at least one matching policy that has the same encryption algorithm, hash algorithm, and
Diffie-Hellman (DH) group is configured on each switch. Issue the show crypto ike domain ipsec
policy command on both switches. Example command outputs for the configuration shown in Figure 22-1
follow:
MDSA# show crypto ike domain ipsec policy
Priority 1, auth pre-shared, lifetime 86300 secs, encryption 3des, hash md5, DH group 1
MDSC# show crypto ike domain ipsec policy
Priority 1, auth pre-shared, lifetime 86300 secs, encryption 3des, hash md5, DH group 1
Verifying IPsec Configuration Compatibility Using Fabric Manager
To verify the compatibility of the IPsec configurations of MDS A and MDS C shown in Figure 22-1
using Fabric manager, follow these steps:
Step 1 Choose Switches > Security > IPSEC and select the CryptoMap Set Entry tab. Verify that the Peer
Address, IpFilter, Lifetime, and PFS fields match for MDS A and MDS C.
Step 2 Select the Transform Set tab and verify that the transform set on both switches match.
Step 3 Select the Interfaces tab and verify that the crypto map set is applied to the correct interface on both
switches.
Step 4 In Device Manager, choose IP > ACLs and verify that the ACLs used in the crypto map in Step 1 are
compatible on both switches.

Table of Contents

Other manuals for Cisco MDS 9000 Series

Preview: Configuration Guide
Configuration Guide344 pages
Preview: Troubleshooting Guide
Troubleshooting Guide161 pages
Preview: Command Reference
Command Reference1464 pages
Preview: Rack Installation
Rack Installation8 pages
Preview: Installing
Installing22 pages
Preview: Hardware Installation Guide
Hardware Installation Guide62 pages
Preview: Installation Guide
Installation Guide20 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco MDS 9000 Series and is the answer not in the manual?

Cisco MDS 9000 Series Specifications

General IconGeneral
BrandCisco
ModelMDS 9000 Series
CategorySwitch
LanguageEnglish

Related product manuals