beautypg.com

Ike-lifetime – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 604

background image

Brocade Mobility RFS Controller CLI Reference Guide

591

53-1003098-01

7

ip nat crypto

Example

rfs4000-229D58config-profile-testBrocade Mobility

RFS4000-crypto-auto-ipsec-secure)#ip nat crypto

rfs4000-229D58config-profile-testBrocade Mobility

RFS4000-crypto-auto-ipsec-secure)#

rfs4000-229D58config-profile-testBrocade Mobility

RFS4000-crypto-auto-ipsec-secure)#show context

crypto auto-ipsec-secure

remotegw ike-version ikev2 uniqueid

ip nat crypto

rfs4000-229D58config-profile-testBrocade Mobility

RFS4000-crypto-auto-ipsec-secure)#

ike-lifetime

crypto-auto-ipsec-tunnel commands

Configures the IKE SA’s key lifetime in seconds

The lifetime defines how long a connection (encryption/authentication keys) should last, from
successful key negotiation to expiration. Two peers need not exactly agree on the lifetime, though if
they do not, there is some clutter for a superseded connection on the peer defining the lifetime as
longer.

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

ike-lifetime <600-86400>

Parameters

ike-lifetime <600-86400>

ip nat crypto

Enables unique identification of APs and the hosts present in each AP’s subnet
Providing a unique ID enables the access point, wireless controller, or service platform to uniquely identify
the destination device. This is essential in networks where there are multiple APs behind a router, or when
two (or more) APs behind two (or more) different routers have the same IP address. Further, the same
subnet exists behind these APs.
For example, let us consider a scenario where there are two APs (A and B) behind two routers (1 and 2). AP
‘A’ is behind router ‘1’. And AP ‘B’ is behind router ‘2’. Both these APs have the same IP address
(192.168.13.8). The subnet behind APs A and B is also the same (100.1.1.0/24). In such a scenario the
controller fails to uniquely identify the hosts present in either AP’s subnet.
For more information, see

remotegw

and

crypto

.

ike-lifetime
<600-86400>

Sets the IKE SA’s key lifetime in seconds

<600-86400> – Specify a value fro m 600 - 86400 seconds.

See also other documents in the category Brocade Computer Accessories: