Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


Select either the IKEv1 or IKEv2 radio button to enforce peer key exchanges over the remote VPN
server using either IKEv1 or IKEv2.

IKEv2 provides improvements over the original IKEv1 design (improved cryptographic
mechanisms, NAT and firewall traversal, attack resistance, etc.) and is recommended in most
deployments. The appearance of the screen differs depending on whether IKEv1 or IKEv2
mode is selected.

Set the following IKEv1 or IKEv2 settings:

Refer to the Username Password Settings field and specify local user database user name and
password credentials required for user validation when conducting authentication locally.

Refer to the Wins Server Settings field and specify primary and secondary server resources for
validating RADIUS authentication requests on behalf of a remote VPN client. These external WINS
server resources are available to validate RADIUS resource requests.

Refer to the Name Server Settings field and specify primary and secondary server resources for
validating RADIUS authentication requests on behalf of a remote VPN client. These external name
server resources are available to validate RADIUS resource requests.

Select the IP Local Pool option to define an IP address and mask for a virtual IP pool used to assign IP
addresses to remote VPN clients.

If using IKEv2, specify these additional DHCP settings (required for IKEv2 only):

Select OK to save the updates made to the Remote VPN Server screen. Selecting Reset reverts the
screen to its last saved configuration.

Select the Remote VPN Client tab.

Authentication Method

Use the drop-down menu to specify the authentication method used to validate the
credentials of the remote VPN client. Options include Local (on board RADIUS resource if
supported) and RADIUS (designated external RADIUS resource). If selecting Local, select
the + Add Row button and specify a User Name and Password for authenticating remote
VPN client connections with the local RADIUS resource. The default setting is Local.
BR6511 model Access Points do not have a local RADIUS resource and must use an
external RADIUS server resource. An ES6510 Ethernet Switch is authenticated by its
management controller or service platform.

AAA Policy

Select the AAA policy used with the remote VPN client. AAA policies define RADIUS
authentication and accounting parameters. The Access Point can optionally use AAA server
resources (when using RADIUS as the authentication method) to provide user database
and authentication data.

DHCP Server Type

Specify whether the DHCP server is specified as an IP address, Hostname (FQDN) or None
(a different classification will be defined). Dynamic Host Configuration Protocol (DHCP)
allows hosts on an IP network to request and be assigned IP addresses and discover
information about the network where they reside.

DHCP Server

Depending on the DHCP server type selected, enter either the numerical IP address,
hostname or other (if None is selected as the server type).

IP Local Pool

Define an IP address and mask for a virtual IP pool used to assign IP addresses to
requesting remote VPN clients.

Relay Agent IP Address

Select this option to define the DHCP relay agent IP address.
