Frequently asked vpn questions – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual


53-1002516-01

Configuring an IPSEC tunnel and VPN FAQs


18. Check the VPN Status screen. Notice the status displays "NOT_ACTIVE". This screen automatically refreshes to get the current status of the VPN tunnel. Once the tunnel is active, the IKE_STATE changes from NOT_CONNECTED to SA_MATURE.

19. On access point #2/Device #2, repeat the same procedure. However, replace access point #2 information with access point #1 information.

20. Once both tunnels are established, ping each side of the tunnel to ensure connectivity.

Frequently asked VPN questions

The following are common questions that arise when configuring a VPN tunnel.

Question 1: Does the access point IPSec tunnel support multiple subnets on the other end of a VPN concentrator?

Yes. The access point can access multiple subnets on the other end of the VPN concentrator from the access point's Local LAN Subnet by either of the following:

• Creating multiple VPN tunnels. The AP supports a maximum of 25 tunnels.

• Using the Remote Subnet IP Address with an appropriate subnet mask, so that the AP can access multiple subnets on the remote end.

For example, if a tunnel is created using 192.168.0.0/16 for the Remote Subnet IP address, the following subnets could be accessed:

• 192.168.1.x

• 192.168.2.x

• 192.168.3.x, etc.

Question 2: Even if a wildcard entry of "0.0.0.0" is entered in the Remote Subnet field in the VPN configuration page, can the AP access multiple subnets on the other end of a VPN concentrator for the AP's LAN/WAN side?

No. Using a "0.0.0.0" wildcard is an unsupported configuration. In order to access multiple subnets, the steps in Question #1 must be followed.
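The two options from Question 1 and the wildcard restriction from Question 2 can be compared before anything is entered on the AP. The following Python sketch is an added example, not part of the Brocade guide: the function names are hypothetical, the subnet list is constructed, and treating any network whose address is 0.0.0.0 as the unsupported wildcard is an assumption. It reports how much address space a single covering Remote Subnet would open beyond what is actually required.

```python
import ipaddress

MAX_TUNNELS = 25  # from the FAQ: the AP supports a maximum of 25 tunnels


def parse_remote_subnet(value):
    """Parse a Remote Subnet entry; reject the unsupported 0.0.0.0 wildcard."""
    net = ipaddress.IPv4Network(value, strict=True)  # raises if host bits are set
    if int(net.network_address) == 0:  # assumption: any 0.0.0.0 network counts
        raise ValueError("0.0.0.0 wildcard is an unsupported Remote Subnet")
    return net


def collapsed(required):
    """Merge adjacent required subnets into the fewest exact networks."""
    return list(ipaddress.collapse_addresses([parse_remote_subnet(r) for r in required]))


def tightest_cover(required):
    """Smallest single network containing every required subnet, or None
    when only a 0.0.0.0-based network would cover them."""
    nets = collapsed(required)
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen by one bit per pass
    return None if int(cover.network_address) == 0 else cover


def extra_addresses(selector, required):
    """Addresses the selector makes reachable beyond the required subnets."""
    sel, nets = parse_remote_subnet(selector), collapsed(required)
    missing = [str(n) for n in nets if not n.subnet_of(sel)]
    if missing:
        raise ValueError(f"selector does not cover: {missing}")
    return sel.num_addresses - sum(n.num_addresses for n in nets)


def plan(required):
    """Compare one tunnel per exact network with one covering tunnel."""
    nets, cover = collapsed(required), tightest_cover(required)
    return {
        "exact_tunnels": len(nets),
        "exact_fits": len(nets) <= MAX_TUNNELS,
        "cover": str(cover) if cover else None,
        "cover_extra": extra_addresses(str(cover), required) if cover else None,
    }


# Constructed sample: the three subnets named in the FAQ example, as /24s.
REQUIRED = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

if __name__ == "__main__":
    print(plan(REQUIRED))
    print("extra via 192.168.0.0/16:", extra_addresses("192.168.0.0/16", REQUIRED))
```

A large `cover_extra` value means the single-tunnel option reaches far more of the remote network than the listed subnets, which is the trade-off against using several of the 25 available tunnels.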

Question 3: Can AP#1 be accessed via its LAN interface from the local subnet of AP#2, and vice versa?
Yes.
