Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

Page 425

Advertising
background image

Brocade Mobility 5181 Access Point Product Reference Guide

411

53-1002516-01

Configuring an IPSEC tunnel and VPN FAQs

B

Question 4: Will the default "Manual Key Exchange" settings work without making any
changes?
No. Changes need to be made. Enter Inbound and Outbound ESP Encryption keys on both APs.
Each one should be of 16 Hex characters (depending on the encryption or authentication
scheme used). The VPN tunnel can be established only when these corresponding keys match.
Ensure the Inbound/Outbound SPI and ESP Authentication Keys have been properly specified.

Question 5: Can an IPSec tunnel over a PPPoE connection be established - such as a PPPoE
enabled DSL link?
Yes. The access point supports tunneling when using a PPPoE username and password.

Question 6: Can I setup an access point so clients can access both the WAN normally and only
use the VPN when talking to specific networks?
Yes. Only packets that match the VPN Tunnel Settings will be sent through the VPN tunnel. All
other packets will be handled by whatever firewall rules are set.

Question 7: How do I specify which certificates to use for an IKE policy from the access point
certificate manager?
When generating a certificate to use with IKE, use one of the following fields: IP address,
Domain Name, or Email address. Also, make sure you are using NTP when attempting to use
the certificate manager. Certificates are time sensitive.

Configure the following on the IKE Settings page:

Local ID type refers to the way that IKE selects a local certificate to use.

IP - tries the match the local WAN IP to the IP addresses specified in a local certificate.

FQDN - tries to match the user entered local ID data string to the domain name field of the
certificate.

UFQDN - tries to match the user entered local ID data string to the email address field of
the certificate.

Remote ID type refers to the way you identify an incoming certificate as being associated with
the remote side.

IP - tries the match the remote gateway IP to the IP addresses specified in the received
certificate.

FQDN - tries to match the user entered remote ID data string to the domain name field of
the received certificate.

UFQDN - tries to match the user entered remote ID data string to the email address field of the
received certificate.

Advertising
Popular Brands
Popular manuals