Advanced vpn configuration – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003099-01
Review the configuration and select Done to initiate the creation of the VPN tunnel. Use the Back
button to navigate to the previous screen. Select Close to close the wizard without creating a VPN
tunnel.
Advanced VPN Configuration
The advanced VPN configuration option does not utilize a setup wizard. Rather, it utilizes its
own screen flow where just about every facet of a VPN tunnel configuration can be set by a
qualified network administrator.
For detailed information on creating a VPN tunnel configuration, refer to
.
Overriding a Profile’s Auto IPSec Tunnel Configuration
Overriding a Profile’s Security Configuration
Auto IPSec tunneling provides a secure tunnel between two networked peer controllers or service
platforms and associated Access Points which are within a range of valid IP addresses.
Administrators can define which packets are sent within the tunnel, and how they’re protected.
When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet
through the tunnel to its remote peer destination or associated Access Point.
Tunnels are sets of security associations (SA) between two peers. SAs define the protocols and
algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled
peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are
established per the rules and conditions of defined security protocols (AH or ESP).
The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration
simplicity for the IPSec standard. IKE enables secure communications without time-consuming
manual pre-configuration for auto IPSec tunneling.
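The behaviour described above, as an added illustration (not Brocade code and not how the controller implements it): a simplified Python model in which a packet whose destination falls inside the protected address range triggers creation of a pair of unidirectional SAs, while other traffic bypasses the tunnel. The class and field names, the sample addresses, and the locally generated SPIs standing in for IKE negotiation are assumptions.

```python
import ipaddress
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class SA:
    spi: int        # Security Parameter Index identifying this SA
    direction: str  # "out" or "in"; one SA protects one direction only
    src: str
    dst: str
    protocol: str   # "ESP" or "AH"

def new_spi():
    # SPI values 0-255 are reserved, so draw from the remaining 32-bit space.
    return 256 + secrets.randbelow(2**32 - 256)

class TunnelPeer:
    """Hypothetical model of one tunnelled peer and its SA database."""

    def __init__(self, local_ip, protected_net, protocol="ESP"):
        self.local_ip = local_ip
        self.protected = ipaddress.ip_network(protected_net)
        self.protocol = protocol
        self.sad = {}  # remote peer IP -> (outbound SA, inbound SA)

    def is_sensitive(self, dst_ip):
        # Policy: only destinations inside the configured range use the tunnel.
        return ipaddress.ip_address(dst_ip) in self.protected

    def send(self, dst_ip, remote_peer):
        """Return (action, sa) for a packet to dst_ip routed via remote_peer."""
        if not self.is_sensitive(dst_ip):
            return ("bypass", None)
        if remote_peer not in self.sad:
            # Stand-in for IKE negotiation: one SA is created per direction.
            out_sa = SA(new_spi(), "out", self.local_ip, remote_peer, self.protocol)
            in_sa = SA(new_spi(), "in", remote_peer, self.local_ip, self.protocol)
            self.sad[remote_peer] = (out_sa, in_sa)
        return ("protect", self.sad[remote_peer][0])

def demo():
    # Constructed sample addresses from the RFC 5737 documentation ranges.
    peer = TunnelPeer("198.51.100.1", "192.0.2.0/24")
    first = peer.send("192.0.2.10", "203.0.113.1")     # creates the SA pair
    again = peer.send("192.0.2.20", "203.0.113.1")     # reuses the outbound SA
    other = peer.send("198.51.100.77", "203.0.113.1")  # outside the range
    return first, again, other, peer.sad

if __name__ == "__main__":
    print(demo())
```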
To define an Auto IPSec Tunnel configuration or override that can be applied to a profile:
1. Select Devices from the Configuration tab.
The Device Configuration screen displays a list of managed devices or peer controllers, service
platforms or Access Points.
2. Select a target device (by double-clicking it) from amongst those displayed within the Device
Configuration screen.
Devices can also be selected directly from the Device Browser in the lower left-hand side of
the UI.
3. Select Profile Overrides from the Device menu to expand it into sub menu options.
4. Select Security to expand its sub menu options.
5. Select Auto IPSec Tunnel.