Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


53-1002516-01

Configuring VPN tunnels


Operation Mode

The Phase I protocols of IKE are based on the ISAKMP
identity-protection and aggressive exchanges. IKE main mode
refers to the identity-protection exchange, and IKE aggressive
mode refers to the aggressive exchange.
Main - Standard IKE mode for communication and key exchange.
Aggressive - Aggressive mode is faster, but less secure than Main
mode. Identities are not encrypted unless public key encryption is
used. The authentication method cannot be negotiated if the
initiator chooses public key encryption.

Local ID Type

Select the type of ID to be used for the Mobility 5181 Access Point
end of the SA.
IP - Select IP if the local ID type is the IP address specified as part
of the tunnel.
FQDN - Use FQDN if the local ID is a fully qualified domain name
(such as sj.brocade.com).
UFQDN - Select UFQDN if the local ID is a user fully-qualified email
(such as [email protected]).

Local ID Data

Specify the FQDN or UFQDN based on the Local ID type assigned.

Remote ID Type

Select the type of ID to be used for the Mobility 5181 Access Point
end of the tunnel from the Remote ID Type drop-down menu.
IP - Select the IP option if the remote ID type is the IP address
specified as part of the tunnel.
FQDN - Select FQDN if the remote ID type is a fully qualified
domain name (such as sj.brocade.com). The setting for this field
does not have to be fully qualified; however, it must match the
setting for the Certificate Authority.
UFQDN - Select this item if the remote ID type is a user unqualified
email address (such as [email protected]). The setting for
this field does not have to be unqualified; it only has to match the
setting of the field of the Certificate Authority.

Remote ID Data

If FQDN or UFQDN is selected, specify the data (either the qualified
domain name or the user name) in the Remote ID Data field.

IKE Authentication Mode

Select the appropriate IKE authentication mode:
Pre-Shared Key (PSK) - Specify an authenticating algorithm and
passcode used during authentication.
RSA Certificates - Select this option to use RSA certificates for
authentication purposes. See the CA Certificates and Self
certificates screens to create and import certificates into the
system.

IKE Authentication Algorithm

IKE provides data authentication and anti-replay services for the
VPN tunnel. Select an authentication method from the drop-down
menu.
MD5 - Enables the Message Digest 5 algorithm. No keys are
required to be manually provided.
SHA1 - Enables Secure Hash Algorithm. No keys are required to be
manually provided.

IKE Authentication Passphrase

If you selected Pre-Shared Key as the authentication mode, you
must provide a passphrase.
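
The Operation Mode and ID Type entries above, as an added example that is not part of the Brocade guide: a parser that reads the ISAKMP header of an IKE Phase I message, reports whether it is a Main or Aggressive exchange, and shows the IP/FQDN/UFQDN identity when it travels unencrypted. The function names and sample messages are constructed for illustration; the numeric constants are taken from RFC 2408 and RFC 2407.

```python
import struct

# ISAKMP exchange types (RFC 2408) and IPsec DOI ID types (RFC 2407).
EXCHANGE = {2: "main", 4: "aggressive"}
ID_TYPES = {1: "IP", 2: "FQDN", 3: "UFQDN"}
PAYLOAD_ID = 5          # Identification payload
FLAG_ENCRYPTED = 0x01   # header flag: payloads after the header are encrypted


def inspect_phase1(packet: bytes) -> dict:
    """Classify one IKEv1 message and report any identity visible in clear."""
    if len(packet) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    next_payload, _version, xchg, flags, _msgid, length = struct.unpack(
        "!16xBBBBII", packet[:28])
    result = {"mode": EXCHANGE.get(xchg, f"other({xchg})"),
              "encrypted": bool(flags & FLAG_ENCRYPTED), "identity": None}
    if result["encrypted"]:
        return result  # payload chain is ciphertext; nothing to walk
    offset, end = 28, min(length, len(packet))
    while next_payload and offset + 4 <= end:
        following, _reserved, plen = struct.unpack_from("!BBH", packet, offset)
        if plen < 4 or offset + plen > end:
            raise ValueError("malformed payload length")
        if next_payload == PAYLOAD_ID and plen >= 8:
            id_type = packet[offset + 4]
            data = packet[offset + 8:offset + plen]  # skip ID type, protocol, port
            if id_type == 1 and len(data) == 4:
                value = ".".join(str(b) for b in data)
            else:
                value = data.decode("ascii", "replace")
            result["identity"] = (ID_TYPES.get(id_type, f"type {id_type}"), value)
        next_payload, offset = following, offset + plen
    return result


def build_sample(xchg: int, flags: int, fqdn: bytes) -> bytes:
    """Constructed test message: header plus a single ID payload (not a capture)."""
    id_payload = struct.pack("!BBHBBH", 0, 0, 8 + len(fqdn), 2, 17, 500) + fqdn
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, PAYLOAD_ID,
                         0x10, xchg, flags, 0, 28 + len(id_payload))
    return header + id_payload


if __name__ == "__main__":
    print(inspect_phase1(build_sample(4, 0, b"ap.example.test")))
    print(inspect_phase1(build_sample(2, FLAG_ENCRYPTED, b"\x00" * 15)))
```

A real Aggressive mode message also carries SA, key exchange and nonce payloads ahead of the identity; the loop walks past them using each payload's length field.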
