The Fabric IPsec Gateway feature introduces a Virtual Machine (VM) that supports aggregation of Fabric Extend Tunnels with fragmentation, reassembly, and Internet Protocol Security (IPsec) encryption functions.
The minimum configuration requirements for the Fabric IPsec Gateway VM are as follows:
4 GB Random Access Memory (RAM)
One Virtualization Technology for Directed I/O (VT-d) vport (eth0)
Minimum 10 GB SSD
Note
To use this feature on the applicable models of VSP 4900 Series, you must install an SSD module in the switch.To configure IPsec on a switch through the Fabric IPsec Gateway VM, see Fabric IPsec Gateway Configuration using CLI.
Fabric IPsec Gateway supports the following services through the VM:
A device is in IPsec decoupled mode when IPsec and Fabric Extend (FE) termination takes place on two different IP addresses. It is in IPsec coupled mode when IPsec and Fabric Extend (FE) termination takes place on the same IP address.
The XA1400 Series devices support both IPsec decoupled and coupled modes. The VSP 4900 Series and VSP 7400 Series devices support IPsec in decoupled mode only. You must configure the IPsec tunnel in decoupled mode to enable IPsec termination in the Fabric IPsec Gateway VM. For more information about how to configure IPsec tunnels on the VM, see Configure IPsec Tunnels on Fabric IPsec Gateway VM.