Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual
Page 197
Brocade Mobility 7131N-FGR Product Reference Guide
185
53-1001947-01
Configuring VPN tunnels
6
AH Authentication
AH provides data authentication and anti-replay services for the
VPN tunnel. Select the required authentication method from the
drop-down menu:
•
None - Disables AH authentication. The rest of the fields are
not active.
•
SHA1 - Enables Secure Hash Algorithm 1, requiring 160-bit
(40-character hexadecimal) keys.
Inbound AH
Authentication Key
Configure a key for computing the integrity check on inbound
traffic with the selected authentication algorithm. The key must be
32/40 hexadecimal (0-9, A-F) characters in length. The key value
must match the corresponding outbound key on the remote
security gateway.
Outbound AH
Authentication Key
Configure a key for computing the integrity check on outbound
traffic with the selected authentication algorithm. The key must be
32/40 hexadecimal (0-9, A-F) characters in length. The key value
must match the corresponding inbound key on the remote security
gateway.
Inbound SPI (Hex)
Enter an up to six-character hexadecimal value to identify the
inbound security association created by the AH algorithm. The
value must match the corresponding outbound SPI value
configured on the remote security gateway.
Outbound SPI (Hex)
Provide an up to six-character hexadecimal value to identify the
outbound security association created by the AH algorithm. The
value must match the corresponding inbound SPI value configured
on the remote security gateway.
ESP Type
ESP provides packet encryption, optional data authentication and
anti-replay services for the VPN tunnel. Use the drop-down menu
to select the ESP type. Options include:
•
ESP - Enables ESP for the tunnel.
•
ESP with Authentication - Enables ESP with authentication.
ESP Encryption
Algorithm
Select the encryption and authentication algorithms for the VPN
tunnel using the drop-down menu.
•
3DES - Uses the 3DES encryption algorithm requiring 192-bit
(48-character hexadecimal) keys.
•
AES 128-bit - Uses the Advanced Encryption Standard
algorithm with 128-bit (32-character hexadecimal) keys.
•
AES 192-bit - Uses the Advanced Encryption Standard
algorithm with 192-bit (48-character hexadecimal) keys.
•
AES 256-bit - Uses the Advanced Encryption Standard
algorithm with 256-bit (64-character hexadecimal) keys.
Inbound ESP Encryption
Key
Enter a key for inbound traffic. The length of the key is determined
by the selected encryption algorithm. The key must match the
outbound key at the remote gateway.
Outbound ESP
Encryption Key
Define a key for outbound traffic. The length of the key is
determined by the selected encryption algorithm. The key must
match the inbound key at the remote gateway.
ESP Authentication
Algorithm
This option is available only when ESP with Authentication was
selected for the ESP type. Options include:
•
SHA1 - Enables Secure Hash Algorithm 1, which requires
160-bit (40-character hexadecimal) keys.