Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


FIGURE 68 Profile Security - VPN Crypto Map Entry screen

Define the following settings to set the crypto map configuration:

Sequence

Each crypto map configuration uses a list of entries based on a sequence number.
Specifying multiple sequence numbers within the same crypto map extends connection
flexibility to multiple peers on the same interface, based on this selected sequence number
(from 1 - 1,000).

Type

Define whether each listed crypto map configuration uses a site-to-site-manual,
site-to-site-auto or remote VPN configuration.

IP Firewall Rules

Use the drop-down menu to select the ACL used to protect IPSec VPN traffic. New
access/deny rules can be defined for the crypto map by selecting the Create icon, or an
existing set of firewall rules can be modified by selecting the Edit icon.

IPSec Transform Set

Select the transform set (encryption and hash algorithms) to apply to this crypto map
configuration.

Mode

Use the drop-down menu to define which mode (pull or push) is used to assign a virtual IP.
This setting is relevant for IKEv1 only, since IKEv2 always uses the configuration payload in
pull mode. The default setting is push.

Local End Point

Select this radio button to define an IP address as a local tunnel end point address. This
setting represents an alternative to an interface IP address.

Perfect Forward Secrecy (PFS)

PFS is a key-establishment protocol used to secure VPN communications. If one encryption
key is compromised, only data encrypted by that specific key is compromised. For PFS to
exist, the key used to protect data transmissions must not be used to derive any additional
keys. Options include None, 2, 5 and 14. The default setting is None.
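
The following is an added example, not part of the Brocade guide or the controller software: a small Python check that lints crypto map entries against the settings listed above and flags the default PFS setting of None. It assumes the PFS options 2, 5 and 14 are IKE Diffie-Hellman group numbers (1024-, 1536- and 2048-bit MODP); the dictionary layout, field names, sample values and the 2048-bit minimum are hypothetical choices made for this example.

```python
# Added example: lint crypto map entries against the settings described above.
# The dict layout and all sample values are constructed, not a controller export.
VALID_TYPES = {"site-to-site-manual", "site-to-site-auto", "remote VPN"}
VALID_MODES = {"pull", "push"}                 # push is the documented default
DH_GROUP_BITS = {2: 1024, 5: 1536, 14: 2048}   # assumption: PFS options are DH groups
MIN_DH_BITS = 2048                             # policy chosen for this example

def audit_entry(entry):
    """Return a list of (severity, message) findings for one crypto map entry."""
    findings = []
    seq = entry.get("sequence")
    if not isinstance(seq, int) or not 1 <= seq <= 1000:
        findings.append(("error", f"sequence {seq!r} is outside 1-1000"))
    if entry.get("type") not in VALID_TYPES:
        findings.append(("error", f"unknown type {entry.get('type')!r}"))
    if entry.get("mode", "push") not in VALID_MODES:
        findings.append(("error", f"mode must be pull or push, got {entry['mode']!r}"))
    for field in ("ip_firewall_rules", "transform_set"):
        if not entry.get(field):
            findings.append(("error", f"{field} is not set"))
    pfs = entry.get("pfs")                     # None mirrors the default setting
    if pfs is None:
        findings.append(("warn", "PFS is None: rekeys do not run a fresh key exchange"))
    elif pfs not in DH_GROUP_BITS:
        findings.append(("error", f"PFS {pfs!r} is not one of None, 2, 5, 14"))
    elif DH_GROUP_BITS[pfs] < MIN_DH_BITS:
        findings.append(("warn", f"PFS group {pfs} is {DH_GROUP_BITS[pfs]}-bit, "
                                 f"below {MIN_DH_BITS}"))
    return findings

def audit_map(entries):
    """Audit every entry of one crypto map; returns (sequence, findings) pairs."""
    return [(e.get("sequence"), audit_entry(e)) for e in entries]

# Constructed sample: one clean entry, one left at the PFS default, one out of range.
SAMPLE_MAP = [
    {"sequence": 1, "type": "site-to-site-auto", "ip_firewall_rules": "vpn-acl",
     "transform_set": "ts-example", "mode": "push", "pfs": 14},
    {"sequence": 2, "type": "remote VPN", "ip_firewall_rules": "vpn-acl",
     "transform_set": "ts-example", "mode": "pull", "pfs": None},
    {"sequence": 1001, "type": "site-to-site-manual", "ip_firewall_rules": "vpn-acl",
     "transform_set": "ts-example", "pfs": 2},
]

if __name__ == "__main__":
    for seq, findings in audit_map(SAMPLE_MAP):
        print(seq, findings or "ok")
```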
