B.3 replacing an ap-4131 with an ap-5131 – Symbol Technologies AP-5131 User Manual

AP-5131 Usage Scenarios

B-19

These three rules should be configured above all other rules (default or user defined). When
Advanced LAN Access is used, certain inbound/outbound rules need to be configured to
control incoming/outgoing packet flow for IPSec to work properly (with Advanced LAN
Access). These rules should be configured first before other rules are configured.

•

Question 13: Do I need to add any special routes on the AP-5131 to get my VPN
tunnel to work?

No. However, clients could need extra routing information. Clients on the local LAN side
should either use the AP-5131 as their gateway or have a route entry tell them to use the
AP-5131 as the gateway to reach the remote subnet.

B.3 Replacing an AP-4131 with an AP-5131

The AP-5131’s modified default configuration enables an AP-5131 to not only operate in a single-cell
environrment, but also function as a replacement for legacy Symbol AP-4131 model access points.
You cannot port an AP-5131’s configuration file to an AP-5131, but you can configure an AP-5131
similarly and provide an improved data rate and feature set.

An AP-4131 has only one LAN port and it is defaulted to DHCP/BOOTP enabled. The AP-5131 is
optimized for single-cell deployment, so it should allow the customer to use an AP-5131 as a
”drop-in” replacement for an existing AP-4131 deployment. However, to optimally serve as a
replacement for existing AP-4131 deployments, the AP-5131’s “out-of-box” defaults are now set as
follows:

•

The AP-5131’s LAN1 port must default to DHCP client mode

•

The AP-5131’s LAN2 port must default to DHCP server mode

•

The AP-5131’s WAN port must default to Static mode.

•

The default gateway now defaults to LAN1.

Scr

<Remote Subnet IP range>

Dst

<WAN IP address>

Transport

UDP

Scr port

1:65535

Dst port

500

Rev NAT

None