Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

152

Brocade Mobility 5181 Access Point Product Reference Guide

53-1002516-01

Configuring VPN tunnels

6

NOTE

When creating a tunnel, the remote subnet and remote subnet mask must be that of the target
device’s LAN settings. The remote gateway must be that of the target device’s WAN IP address.

If access point #1 has the following values:

•

WAN IP address: 20.1.1.2

•

LAN IP address: 10.1.1.1

•

Subnet Mask: 255.0.0.0

Then, the VPN values for access point #2 should be:

•

Remote subnet: 10.1.1.0 or 10.0.0.0

•

Remote subnet mask: 255.0.0.0

•

Remote gateway: 20.1.1.2

3. If a VPN tunnel has been added to the list of available Mobility 5181 Access Point tunnels, use

the VPN Tunnel Config field to optionally modify the tunnel’s properties.

Remote Subnet

The Remote Subnet column lists the remote subnet for each
tunnel. The remote subnet is the subnet the remote network uses
for connection.

Remote Gateway

The Remote Gateway column lists a remote gateway IP address for
each tunnel. The numeric remote gateway is the gateway IP
address on the remote network the VPN tunnel connects to.
Ensure the address is the same as the WAN port address of the
target gateway AP or controller.

Key Exchange Type

The Key Exchange Type column lists the key exchange type for
passing keys between both ends of a VPN tunnel. If Manual Key
Exchange is selected, this column displays Manual. If Auto (IKE)
Key Exchange is selected, the field displays Automatic.

Tunnel Name

Enter a name to define the VPN tunnel. The tunnel name is used to
uniquely identify each tunnel. Select a name best suited to that
tunnel’s function so it can be selected again in the future if
required in a similar application.

Interface name

Use the drop-down menu to specify the LAN1, LAN2 or WAN
connection used for routing VPN traffic. Remember, only one LAN
connection can be active on the access point Ethernet port at a
time. The LAN connection specified from the LAN screen to receive
priority for Ethernet port connectivity may be the better subnet to
select for VPN traffic.

Local WAN IP

Enter the WAN’s numerical (non-DNS) IP address in order for the
tunnel to pass traffic to a remote network.

Remote Subnet

Specify the numerical (non-DNS) IP address for the Remote
Subnet.

Remote Subnet Mask Enter the subnet mask for the tunnel’s remote network for the

tunnel. The remote subnet mask is the subnet setting for the
remote network the tunnel connects to.

Remote Gateway

Enter a numerical (non-DNS) remote gateway IP address for the
tunnel. The remote gateway IP address is the gateway address on
the remote network the VPN tunnel connects to.