Overriding a profile’s vpn configuration – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


Brocade Mobility RFS Controller System Reference Guide

53-1003099-01


a. Provide the name of the trustpoint in question within the Trustpoint Name field. The name cannot exceed 32 characters.

b. Enter the resource ensuring the trustpoint’s legitimacy within the URL field.

c. Use the spinner control to specify an interval (in hours) after which a device copies a CRL file from an external server and associates it with a trustpoint.

7. Select OK to save the changes and overrides made within the Certificate Revocation screen. Select Reset to revert to the last saved configuration.

Overriding a Profile’s VPN Configuration

Overriding a Profile’s Security Configuration

IPSec VPN provides a secure tunnel between two networked peer devices. Administrators can
define which packets are sent within the tunnel, and how they’re protected. When a tunnelled peer
sees a sensitive packet, it creates a secure tunnel and sends the packet through the tunnel to its
remote peer destination.

Tunnels are sets of security associations (SA) between two peers. SAs define the protocols and
algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled
peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are
established per the rules and conditions of defined security protocols (AH or ESP).

Use crypto maps to configure IPSec VPN SAs. Crypto maps combine the elements comprising IPSec
SAs. Crypto maps also include transform sets. A transform set is a combination of security
protocols, algorithms and other settings applied to IPSec protected traffic. One crypto map is
utilized for each IPSec peer; however, for remote VPN deployments, one crypto map is used for all
the remote IPSec peers.

The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration
simplicity for the IPSec standard. IKE automatically negotiates IPSec SAs, and enables secure
communications without time-consuming manual pre-configuration.
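
The following Python sketch is an added illustration, not code from WiNG or from this guide. It models the behaviour described above: each crypto map (one per peer) pairs a traffic selector with a transform set, and the first sensitive packet brings up a tunnel made of one outbound and one inbound SA. Class names, addresses, SPI values and algorithm labels are constructed for the example; on a real device IKE negotiates the SAs.

```python
import ipaddress
import itertools
from dataclasses import dataclass

@dataclass(frozen=True)
class TransformSet:              # protocol and algorithms applied to protected traffic
    protocol: str                # "ESP" or "AH"
    encryption: str              # constructed label, not a WiNG keyword
    integrity: str               # constructed label, not a WiNG keyword

@dataclass(frozen=True)
class CryptoMap:                 # one per IPSec peer: traffic selector + transform set
    peer: str
    local_net: str
    remote_net: str
    transform: TransformSet

    def matches(self, src, dst):
        """True when the packet is 'sensitive', i.e. falls inside the selector."""
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.local_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.remote_net))

@dataclass(frozen=True)
class SA:                        # a security association covers one direction only
    spi: int
    direction: str
    peer: str
    transform: TransformSet

class Gateway:
    def __init__(self, crypto_maps):
        self.crypto_maps = crypto_maps
        self.tunnels = {}                        # peer -> (outbound SA, inbound SA)
        self._spi = itertools.count(0x1000)      # constructed SPI values

    def send(self, src, dst):
        """Return the outbound SA protecting the packet, or None if it is not sensitive."""
        for cmap in self.crypto_maps:
            if cmap.matches(src, dst):
                if cmap.peer not in self.tunnels:    # first sensitive packet builds the tunnel
                    self.tunnels[cmap.peer] = tuple(
                        SA(next(self._spi), d, cmap.peer, cmap.transform)
                        for d in ("outbound", "inbound"))
                return self.tunnels[cmap.peer][0]
        return None                                  # no crypto map matched: outside any tunnel

# Constructed sample configuration using documentation address ranges
ESP_SET = TransformSet("ESP", "aes-256", "sha-256")
gw = Gateway([CryptoMap("198.51.100.1", "10.1.0.0/16", "10.2.0.0/16", ESP_SET),
              CryptoMap("203.0.113.9", "10.1.0.0/16", "10.3.0.0/16", ESP_SET)])
```

A packet that matches no crypto map returns `None`, which is the case worth checking when reviewing a VPN configuration: traffic outside every selector is not carried in a tunnel.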

To define a profile’s VPN settings:

1. Select Devices from the Configuration tab.

2. Select a target device (by double-clicking it) from amongst those displayed within the Device Configuration screen.

3. Select Profile Overrides from the Device menu to expand it into sub menu options.

4. Expand the Security menu and select VPN.

The profile’s VPN configuration can be set or overridden using either a VPN setup wizard or
by manually configuring the required advanced settings. WiNG provides two (2) wizards
providing either minimal or more thorough administration.
