Configuring manual key settings – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


Brocade Mobility 5181 Access Point Product Reference Guide


53-1002516-01

Configuring VPN tunnels


4. Click Apply to save any changes to the VPN screen as well as changes made to the Auto Key
Settings, IKE Settings and Manual Key Settings screens. Navigating away from the screen
without clicking the Apply button results in all changes to the screens being lost.

5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on the VPN, Auto Key Settings, IKE Settings and Manual Key Settings
screens to the last saved configuration.

6. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout
before the applet is closed.

Configuring manual key settings

A transform set is a combination of security protocols and algorithms applied to IPSec protected
traffic. During security association (SA) negotiation, both gateways agree to use a particular
transform set to protect data flow.

A transform set specifies one or two IPSec security protocols (either AH, ESP, or both) and specifies
the algorithms to use for the selected security protocol. If you specify an ESP protocol in a
transform set, specify just an ESP encryption transform or both an ESP encryption transform and
an ESP authentication transform.

When the particular transform set is used during negotiations for IPSec SAs, the entire transform
set (the combination of protocols, algorithms, and other settings) must match a transform set at
the remote end of the gateway.
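The composition and matching rules above can be checked before keys are entered on either gateway. The following is an added example, not part of the Brocade guide or the access point software: the TransformSet class, its field names and the sample algorithm names are assumptions made for illustration.

```python
from dataclasses import dataclass, fields
from typing import List, Optional


@dataclass(frozen=True)
class TransformSet:
    """One gateway's transform set; None means that transform is not used."""
    ah_auth: Optional[str] = None   # AH authentication algorithm
    esp_enc: Optional[str] = None   # ESP encryption algorithm
    esp_auth: Optional[str] = None  # ESP authentication algorithm


def _norm(name: Optional[str]) -> str:
    # Compare algorithm names case-insensitively; "none" marks an unused transform.
    return (name or "").strip().lower() or "none"


def validate(ts: TransformSet) -> List[str]:
    """Check a transform set against the composition rules described above."""
    errors = []
    if all(_norm(getattr(ts, f.name)) == "none" for f in fields(ts)):
        errors.append("no protocol selected: choose AH, ESP, or both")
    # ESP is either encryption alone or encryption plus authentication.
    if _norm(ts.esp_auth) != "none" and _norm(ts.esp_enc) == "none":
        errors.append("ESP authentication requires an ESP encryption transform")
    return errors


def mismatches(local: TransformSet, remote: TransformSet) -> List[str]:
    """List every transform that differs; the whole set must match the peer."""
    return [
        f"{f.name}: local={_norm(getattr(local, f.name))} "
        f"remote={_norm(getattr(remote, f.name))}"
        for f in fields(local)
        if _norm(getattr(local, f.name)) != _norm(getattr(remote, f.name))
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    local = TransformSet(esp_enc="3DES", esp_auth="SHA1")
    remote = TransformSet(ah_auth="MD5", esp_enc="3des", esp_auth="MD5")
    for side, ts in (("local", local), ("remote", remote)):
        print(side, "errors:", validate(ts) or "none")
    print("mismatches:", mismatches(local, remote) or "none")
```

Any entry returned by mismatches() means the two ends do not share an identical transform set, so the settings on one side need to be corrected before the tunnel is configured.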

Use the Manual Key Settings screen to specify the transform sets used for VPN access.

To configure manual key settings for the Mobility 5181 Access Point:

1. Select Network Configuration -> WAN -> VPN from the Mobility 5181 Access Point menu tree.

2. Refer to the VPN Tunnel Config field, select the Manual Key Exchange radio button and click
the Manual Key Settings button.

3. Configure the Manual Key Settings screen to modify the following:

Default Gateway
Displays the WAN interface's default gateway IP address.

Manual Key Exchange
Selecting Manual Key Exchange requires you to manually enter keys for AH and/or ESP encryption and authentication. Click the Manual Key Settings button to configure the settings.

Manual Key Settings
Select Manual Key Exchange and click the Manual Key Settings button to open a screen where AH authentication and ESP encryption/authentication can be configured and keys entered.

Auto (IKE) Key Exchange
Select the Auto (IKE) Key Exchange checkbox to configure AH and/or ESP without having to manually enter keys. The keys automatically generate and rotate for the authentication and encryption type selected.

Auto Key Settings
Select the Auto (IKE) Key Exchange checkbox, and click the Auto Key Settings button to open a screen where AH authentication and ESP encryption/authentication can be configured.

IKE Settings
After selecting Auto (IKE) Key Exchange, click the IKE Settings button to open a screen where IKE specific settings can be configured.
