Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


53-1002516-01

Configuring VPN tunnels


NOTE

When entering Inbound or Outbound encryption or authentication keys, an error message
could display stating the keys provided are “weak”. Some WEP attack tools invoke a dictionary
to hack WEP keys based on commonly used words. To avoid entering a weak key, try not to
produce a WEP key using commonly used terms and attempt to mix alphabetic and numerical
key attributes when possible.

AH Authentication

AH provides data authentication and anti-replay services for the
VPN tunnel. Select the required authentication method from the
drop-down menu:
None - Disables AH authentication. The rest of the fields are not
active.
MD5 - Enables the Message Digest 5 algorithm requiring 128-bit
(32-character hexadecimal) keys.
SHA1 - Enables Secure Hash Algorithm 1, requiring 160-bit
(40-character hexadecimal) keys.

Inbound AH Authentication Key

Configure a key for computing the integrity check on inbound
traffic with the selected authentication algorithm. The key must be
32/40 (for MD5/SHA1) hexadecimal (0-9, A-F) characters in
length. The key value must match the corresponding outbound key
on the remote security gateway.

Outbound AH Authentication Key

Configure a key for computing the integrity check on outbound
traffic with the selected authentication algorithm. The key must be
32/40 (for MD5/SHA1) hexadecimal (0-9, A-F) characters in
length. The key value must match the corresponding inbound key
on the remote security gateway.

Inbound SPI (Hex)

Enter a hexadecimal value of up to six characters to identify the
inbound security association created by the AH algorithm. The
value must match the corresponding outbound SPI value
configured on the remote security gateway.

Outbound SPI (Hex)

Provide a hexadecimal value of up to six characters to identify the
outbound security association created by the AH algorithm. The
value must match the corresponding inbound SPI value configured
on the remote security gateway.

ESP Type

ESP provides packet encryption, optional data authentication and
anti-replay services for the VPN tunnel. Use the drop-down menu
to select the ESP type. Options include:
None - Disables ESP. The rest of the fields are not active.
ESP - Enables ESP for the tunnel.
ESP with Authentication - Enables ESP with authentication.

ESP Encryption Algorithm

Select the encryption and authentication algorithms for the VPN
tunnel using the drop-down menu.
DES - Uses the DES encryption algorithm requiring 64-bit
(16-character hexadecimal) keys.
3DES - Uses the 3DES encryption algorithm requiring 192-bit
(48-character hexadecimal) keys.
AES 128-bit - Uses the Advanced Encryption Standard algorithm
with 128-bit (32-character hexadecimal) keys.
AES 192-bit - Uses the Advanced Encryption Standard algorithm
with 192-bit (48-character hexadecimal) keys.
AES 256-bit - Uses the Advanced Encryption Standard algorithm
with 256-bit (64-character hexadecimal) keys.
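
An added example, not part of the Brocade guide or the access point firmware: a Python pre-check of manually keyed AH settings for both gateways, using the key lengths and SPI rule listed in the fields above. The dictionary field names (alg, in_key, out_key, in_spi, out_spi) and all sample values are assumptions constructed for illustration.

```python
import re

# Key lengths in hex characters, as listed in the field descriptions above.
AH_KEY_LEN = {"MD5": 32, "SHA1": 40}
ESP_KEY_LEN = {"DES": 16, "3DES": 48, "AES128": 32, "AES192": 48, "AES256": 64}
HEX = re.compile(r"[0-9A-Fa-f]+")

def check_key(alg, key, table):
    """Return problems with one manual key; an empty list means it is acceptable."""
    if alg not in table:
        return [f"unknown algorithm {alg!r}"]
    problems = []
    if not HEX.fullmatch(key):
        problems.append("contains non-hexadecimal characters")
    if len(key) != table[alg]:
        problems.append(f"{alg} needs {table[alg]} hex characters, got {len(key)}")
    return problems

def check_spi(spi):
    """An SPI is one to six hexadecimal characters."""
    return [] if HEX.fullmatch(spi) and len(spi) <= 6 else ["SPI must be 1-6 hex characters"]

def check_tunnel(local, remote):
    """Validate both gateways' AH settings and the inbound/outbound mirroring."""
    problems = []
    for side, cfg in (("local", local), ("remote", remote)):
        for f in ("in_key", "out_key"):
            problems += [f"{side}.{f}: {p}" for p in check_key(cfg["alg"], cfg[f], AH_KEY_LEN)]
        for f in ("in_spi", "out_spi"):
            problems += [f"{side}.{f}: {p}" for p in check_spi(cfg[f])]
    if local["alg"] != remote["alg"]:
        problems.append("AH algorithm differs between gateways")
    # Local inbound values must equal remote outbound values, and vice versa.
    for a, b in (("in_key", "out_key"), ("out_key", "in_key"),
                 ("in_spi", "out_spi"), ("out_spi", "in_spi")):
        if local[a].upper() != remote[b].upper():
            problems.append(f"local.{a} does not match remote.{b}")
    return problems

# Constructed placeholder values for illustration only; never use them on a device.
LOCAL = {"alg": "SHA1", "in_key": "3f" * 20, "out_key": "a7" * 20,
         "in_spi": "1a2b", "out_spi": "3c4d"}
REMOTE = {"alg": "SHA1", "in_key": "A7" * 20, "out_key": "3F" * 20,
          "in_spi": "3C4D", "out_spi": "1A2B"}
# Common mistake: copying the local settings to the peer without swapping directions.
UNSWAPPED = dict(LOCAL)

if __name__ == "__main__":
    print(check_tunnel(LOCAL, REMOTE))
    print(check_tunnel(LOCAL, UNSWAPPED))
```

The same check_key function validates ESP keys when passed ESP_KEY_LEN, for example check_key("3DES", key, ESP_KEY_LEN).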
