Example: Encrypting Messages Between Two Nodes in a Chassis Cluster

This example shows how to enable control-link encryption on security devices.

The procedure shows how you can optionally configure the control link to encrypt messages between two nodes in a chassis cluster. This configuration ensures secure login by using the configured internal IPsec security association (SA).

When the internal IPsec SA is configured, IPsec-based rlogin and remote command (rcmd) are enforced so that attackers cannot gain privileged access or observe traffic containing administrator commands and outputs.

You do not need to configure the internal IPsec SA on both nodes because the nodes are synchronized when the configuration is committed.

  1. To enable control link encryption in a chassis cluster, run the following commands:

    The only supported encryption algorithm is 3des-cbc, and the key must be exactly 24 bytes long; otherwise, the commit fails.

  2. Commit the configuration.

    After the settings have been configured correctly and committed, a reboot is required for the feature to take effect.

  3. View the configuration of control link encryption before reboot and after reboot.
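
The 24-byte key requirement in step 1 can be checked before the commit is attempted. The following shell helper is an added example, not part of the original procedure or Juniper's own code: it generates a key, verifies its length in bytes, and prints the `set` statements. The function names are hypothetical, and the statement path assumes the Junos `security ipsec internal security-association manual encryption` hierarchy.

```shell
#!/bin/sh
# Added example: pre-commit helper for the internal IPsec SA key.
# Function names are hypothetical. The printed statements assume the Junos
# [edit security ipsec internal security-association manual encryption] hierarchy.

# Succeed only if the key is exactly 24 bytes. The count is in bytes, not
# characters, so a 24-character key with one multi-byte character is rejected.
key_is_valid() {
    len=$(printf '%s' "$1" | wc -c | tr -d ' ')
    [ "$len" -eq 24 ]
}

# Generate a 24-byte alphanumeric ASCII key from the kernel CSPRNG.
gen_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Print the set commands for step 1, or fail locally with a clear message
# instead of waiting for the commit to fail on the device.
# The output contains the key in clear text: treat it as a secret.
emit_config() {
    if ! key_is_valid "$1"; then
        echo "error: key must be exactly 24 bytes for 3des-cbc" >&2
        return 1
    fi
    base='set security ipsec internal security-association manual encryption'
    printf '%s algorithm 3des-cbc\n' "$base"
    printf '%s key ascii-text %s\n' "$base" "$1"
}
```

Calling `emit_config "$(gen_key)"` prints two statements to paste in configuration mode on one node; the commit synchronizes them to the other node.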