Tips and Pitfalls: IPSEC and CA
- bfeeny
- Sep 26, 2010
domain-name and hostname must be set prior to certificate generation
If you revoke a certificate, you need to zeroize the RSA key pair
OCSP must be used for real-time revocation checking
You can define multiple trustpoints
When keys are exported, the CA certificate and RSA key pair are exported with them
IPSEC is configured on Gigabit interfaces, not Port-Channels or FCIP interfaces
IPSEC with digital certificates requires identity hostname
MS iSCSI Initiator IKE uses 3DES, SHA or MD5 and DH 2
MS iSCSI Initiator IPSec uses 3DES, SHA-1
Cisco iSCSI Initiator IKE uses 3DES, MD5, DH1
Cisco iSCSI IPSec uses 3DES, MD5
If the peer IP address specified in the crypto map entry is a VRRP IP address on a remote Cisco MDS switch, ensure that the IP address is created using the secondary option