Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

53-1002516-01
Configuring an IPSEC tunnel and VPN FAQs
• An 'allow' outbound rule.
• For IKE, an 'allow' inbound rule.
These three rules should be configured above all other rules (default or user defined). When
Advanced LAN Access is used, certain inbound/outbound rules need to be configured to
control incoming/outgoing packet flow for IPSec to work properly (with Advanced LAN Access).
These rules should be configured first before other rules are configured.
• Question 12: Do I need to add any special routes on the access point to get my VPN tunnel to work?
No. However, clients may need extra routing information. Clients on the local LAN side should
either use the access point as their gateway or have a route entry that tells them to use the
access point as the gateway to reach the remote subnet.

Src        <Remote Subnet IP range>
Dst        <Local Subnet IP range>
Transport  ANY
Src port   1:65535
Dst port   1:65535
Rev NAT    None

Src        <Local Subnet IP range>
Dst        <Remote Subnet IP range>
Transport  ANY
Src port   1:65535
Dst port   1:65535
NAT        None

Src        <Remote Subnet IP range>
Dst        <WAN IP address>
Transport  UDP
Src port   1:65535
Dst port   500
Rev NAT    None
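
The ordering requirement above (the three IPSec 'allow' rules sit above every other rule) can be checked offline against a copy of the rule table. The following is an added example, not code from this guide or from the access point software. The tuple layout, the single ordered rule list, the 'deny' action, and the addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_network

ANY_PORTS = (1, 65535)
# Constructed sample addresses; substitute your own subnets and WAN address.
LOCAL, REMOTE, WAN_IP = "192.168.1.0/24", "10.20.0.0/16", "203.0.113.10"

def required_rules(local, remote, wan_ip):
    """The three 'allow' rules from the tables above, keyed by a short name."""
    return {
        "inbound tunnel": ("in", remote, local, "ANY", ANY_PORTS, ANY_PORTS),
        "outbound tunnel": ("out", local, remote, "ANY", ANY_PORTS, ANY_PORTS),
        "inbound IKE": ("in", remote, wan_ip + "/32", "UDP", ANY_PORTS, (500, 500)),
    }

def normalize(fields):
    """Canonical tuple so differently written but equal subnets compare equal."""
    direction, src, dst, proto, sport, dport = fields
    return (direction, ip_network(src), ip_network(dst), proto.upper(),
            tuple(sport), tuple(dport))

def audit(rules, local, remote, wan_ip):
    """rules: ordered list of (action, direction, src, dst, proto, sport, dport).
    Returns findings; an empty list means all three rules exist and lead the table."""
    needed = {n: normalize(r) for n, r in required_rules(local, remote, wan_ip).items()}
    first_seen, matched = {}, set()
    for i, (action, *fields) in enumerate(rules):
        for name, want in needed.items():
            if action == "allow" and normalize(fields) == want:
                first_seen.setdefault(name, i)
                matched.add(i)
    findings = [f"missing: {name}" for name in needed if name not in first_seen]
    # Index of the first rule that is not one of the three required rules.
    first_other = next((i for i in range(len(rules)) if i not in matched), len(rules))
    for name, i in first_seen.items():
        if i > first_other:
            findings.append(f"{name} is at position {i + 1}, below rule {first_other + 1}")
    return findings

# Constructed rule table (not device output): a deny-all sits above the IKE rule.
SAMPLE = [
    ("allow", "in", REMOTE, LOCAL, "ANY", ANY_PORTS, ANY_PORTS),
    ("allow", "out", LOCAL, REMOTE, "ANY", ANY_PORTS, ANY_PORTS),
    ("deny", "in", "0.0.0.0/0", "0.0.0.0/0", "ANY", ANY_PORTS, ANY_PORTS),
    ("allow", "in", REMOTE, WAN_IP + "/32", "UDP", ANY_PORTS, (500, 500)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, LOCAL, REMOTE, WAN_IP):
        print(finding)
```

An empty result means all three rules are present and no other rule precedes any of them.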