Setting the profile’s vpn configuration – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility RFS Controller System Reference Guide

479

53-1003099-01

8

a. Provide the name of the trustpoint in question within the Trustpoint Name field. The name

cannot exceed 32 characters.

b. Enter the resource ensuring the trustpoint’s legitimacy within the URL field.

c. Use the spinner control to specify an interval (in hours) after which a device copies a CRL

file from an external server and associates it with a trustpoint.

7. Select OK to save the changes made within the Certificate Revocation screen. Select Reset to

revert to the last saved configuration.

Setting the Profile’s VPN Configuration

Profile Security Configuration

IPSec VPN provides a secure tunnel between two networked peer controllers or service platforms.
Administrators can define which packets are sent within the tunnel, and how they’re protected.
When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet
through the tunnel to its remote peer destination.

Tunnels are sets of security associations (SA) between two peers. SAs define the protocols and
algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled
peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are
established per the rules and conditions of defined security protocols (AH or ESP).

Use crypto maps to configure IPSec VPN SAs. Crypto maps combine the elements comprising IPSec
SAs. Crypto maps also include transform sets. A transform set is a combination of security
protocols, algorithms and other settings applied to IPSec protected traffic. One crypto map is
utilized for each IPsec peer, however for remote VPN deployments one crypto map is used for all
the remote IPsec peers.

Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration
simplicity for the IPSec standard. IKE automatically negotiates IPSec SAs, and enables secure
communications without time consuming manual pre-configuration.

To define a profile’s VPN settings:

1. Select the Configuration tab from the Web UI.

2. Select Profiles from the Configuration tab.

3. Select Manage Profiles from the Configuration > Profiles menu.

4. Select Security.

5. Select VPN Configuration.

The Basic Settings tab displays by default. Refer to the Peer Settings table to add peer
addresses and keys for VPN tunnel destinations. Use the + Add Row function as needed to
add additional destinations and keys.