Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual


53-1001947-01

Configuring VPN tunnels

Remote ID Type

Select the type of ID to be used for the Brocade Mobility
7131N-FGR Access Point end of the tunnel from the Remote ID
Type drop-down menu.

IP - Select the IP option if the remote ID type is the IP address
specified as part of the tunnel.

FQDN - Select FQDN if the remote ID type is a fully qualified
domain name (such as brocade.com). The setting for this
field does not have to be fully qualified; however, it must
match the setting for the Certificate Authority.

UFQDN - Select this item if the remote ID type is a user
unqualified email address (such as [email protected]).
The setting for this field does not have to be unqualified; it
only has to match the setting of the field of the Certificate
Authority.

Remote ID Data

If FQDN or UFQDN is selected, specify the data (either the qualified
domain name or the user name) in the Remote ID Data field.

IKE Authentication Mode

Select the IKE authentication mode:

Pre-Shared Key (PSK) - Specify an authenticating algorithm
and passcode used during authentication.

IKE Authentication Algorithm

IKE provides data authentication and anti-replay services for the
VPN tunnel.

SHA1 - Enables Secure Hash Algorithm. No keys are required
to be manually provided.

IKE Authentication Passphrase

If you selected Pre-Shared Key as the authentication mode, you
must provide a passphrase.

IKE Encryption Algorithm

Select the encryption and authentication algorithms for the VPN
tunnel from the drop-down menu.

3DES - Enables the 3DES encryption algorithm. No keys are
required to be manually provided.

AES 128-bit - Enables the Advanced Encryption Standard
algorithm with a 128-bit key. No keys are required to be manually
provided.

AES 192-bit - Enables the Advanced Encryption Standard
algorithm with a 192-bit key. No keys are required to be manually
provided.

AES 256-bit - Enables the Advanced Encryption Standard
algorithm with a 256-bit key. No keys are required to be manually
provided.

Key Lifetime

The number of seconds the key is valid. At the end of the lifetime,
the key is renegotiated.
The Brocade Mobility 7131N-FGR Access Point forces
renegotiation every 3600 seconds. There is no way to change the
renegotiation value. If the IKE Lifetime is greater than 3600, the
keys still get renegotiated every 3600 seconds.

Diffie Hellman Group

Select a Diffie-Hellman Group to use. The Diffie-Hellman key
agreement protocol allows two users to exchange a secret key over
an insecure medium without any prior secrets. Two algorithms
exist, 768-bit and 1024-bit. Select one of the following options:

Group 1 - 768 bit - Somewhat faster than the 1024-bit
algorithm, but secure enough in most situations.

Group 2 - 1024 bit - Somewhat slower than the 768-bit
algorithm, but much more secure and a better choice for
extremely sensitive situations.
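
The key agreement described above, worked through for both groups as an added example (not taken from this guide or from the access point's software): each side keeps a private value, only the public values cross the network, and both ends derive the same secret. It assumes the two menu options are IKE groups 1 and 2 as defined in RFC 2409 and rebuilds their primes from the RFC's formula; all function names are illustrative.

```python
import secrets

def pi_scaled(bits, guard=64):
    """Return floor(pi * 2**bits), using Machin's formula in integer arithmetic."""
    one = 1 << (bits + guard)
    def arctan_inv(x):                       # arctan(1/x), scaled by `one`
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (16 * arctan_inv(5) - 4 * arctan_inv(239)) >> guard

def modp_prime(size, offset):
    """RFC 2409 sec. 6: 2^size - 2^(size-64) - 1 + 2^64 * (floor(2^(size-130) * pi) + offset)."""
    return (1 << size) - (1 << (size - 64)) - 1 + ((pi_scaled(size - 130) + offset) << 64)

# Assumption: menu "Group 1" / "Group 2" are IKE groups 1 and 2 (768- and 1024-bit MODP).
GROUPS = {1: modp_prime(768, 149686), 2: modp_prime(1024, 129093)}
GENERATOR = 2                                # both groups use generator 2

def keypair(group):
    """Pick a random private exponent and compute the public value g^x mod p."""
    p = GROUPS[group]
    private = secrets.randbelow(p - 3) + 2   # 2 <= private <= p - 2
    return private, pow(GENERATOR, private, p)

def shared_secret(group, my_private, peer_public):
    """Combine our private value with the peer's public value."""
    p = GROUPS[group]
    if not 1 < peer_public < p - 1:          # 0, 1 and p-1 force a predictable secret
        raise ValueError("peer public value out of range")
    return pow(peer_public, my_private, p)

def exchange(group):
    """Run both ends of one exchange; only ap_pub and gw_pub would be sent on the wire."""
    ap_priv, ap_pub = keypair(group)         # access point end of the tunnel
    gw_priv, gw_pub = keypair(group)         # remote gateway end
    return shared_secret(group, ap_priv, gw_pub), shared_secret(group, gw_priv, ap_pub)

if __name__ == "__main__":
    for group, p in GROUPS.items():
        ap_view, gw_view = exchange(group)
        print(f"Group {group}: {p.bit_length()}-bit modulus, secrets match: {ap_view == gw_view}")
```

Both tunnel endpoints must select the same group, because the two sides only arrive at the same secret when they compute over the same modulus.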
