Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual


53-1001944-01

Configuring IPSec VPN


5. Select an existing Crypto Map and click the Delete button to remove it from the list of available Crypto Maps.

6. Click the Add button to define the attributes of a new Crypto Map.

a. Assign a Seq # (sequence number) to distinguish one Crypto Map from another.

b. Assign the Crypto Map a Name to differentiate it from others with similar configurations.

c. Use the None, Domain Name or Host Name radio buttons to select and enter the fully qualified domain name (FQDN) or host name of the host exchanging identity information.

d. Define an SA Lifetime (secs) to set the interval (in seconds) that, when expired, forces a new association negotiation.

e. Define an SA Lifetime (Kb) to time out the security association after the specified traffic (in kilobytes) has passed through the IPSec tunnel using the security association.

f. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within the selected ACL.

g. Use the PFS drop-down menu to specify a group to require perfect forward secrecy (PFS) in requests received from the peer.

h. Use the Remote Type drop-down menu to specify a remote type (either XAuth or L2TP).

i. Optionally select the SA Per Host checkbox to specify that separate IPSec SAs should be requested for each source/destination host pair.
