Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


Select OK to save the updates made to the Crypto Map Entry screen. Selecting Reset reverts the
screen to its last saved setting.

Select Remote VPN Server.

Use this screen to define the server resources used to secure (authenticate) a remote VPN
connection with a target peer.

FIGURE 69 Profile Security - Remote VPN Server screen (IKEv2 example)

Lifetime (kB)

Select this option to define a connection volume lifetime (in kilobytes) for the duration of an
IPSec VPN security association. Once the set volume is exceeded, the association is timed
out. Use the spinner control to set the volume from 500 - 2,147,483,646 kilobytes.

Lifetime (seconds)

Select this option to define a lifetime (in seconds) for the duration of an IPSec VPN security
association. Once the set value is exceeded, the association is timed out. The available
range is from 120 - 86,400 seconds. The default setting is 120 seconds.

Protocol

Select the security protocol used with the VPN IPSec tunnel connection. SAs are
unidirectional, existing in each direction and established per security protocol. Options
include ESP and AH. The default setting is ESP.

Remote VPN Type

Define the remote VPN type as either None or XAuth. XAuth (extended authentication)
provides additional authentication validation by permitting an edge device to request
extended authentication information from an IPSec host. This forces the host to respond
with additional authentication credentials. The edge device responds with a failed or
passed message. The default setting is XAuth.

Manual Peer IP

Select this option to define the IP address of an additional encryption/decryption peer.

Time Out

Set an IPSec security association (SA) timeout in either Seconds (120 - 86,400),
Minutes (2 - 1,440), Hours (1 - 24) or Days (1). The default setting is 15 minutes.

Enable NAT after IPSec

Enable this setting to utilize IP/Port NAT on the VPN tunnel. This setting is disabled by
default.
