IKESA – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003099-01

VPN

Access Point Statistics

IPSec VPN provides a secure tunnel between two networked peer controllers or service platforms.
Administrators can define which packets are sent within the tunnel, and how they are protected.
When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet
through the tunnel to its remote peer destination.

Tunnels are sets of security associations (SA) between two peers. SAs define the protocols and
algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled
peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are
established per the rules and conditions of defined security protocols (AH or ESP).

Crypto maps combine the elements comprising IPSec SAs. Crypto maps also include transform
sets. A transform set is a combination of security protocols, algorithms and other settings applied
to IPSec protected traffic. One crypto map is utilized for each IPSec peer; however, for remote VPN
deployments, one crypto map is used for all the remote IPSec peers.

The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration
simplicity for the IPSec standard. IKE automatically negotiates IPSec SAs, and enables secure
communications without time-consuming manual pre-configuration.

VPN statistics are partitioned into the following:

IKESA

IPSec

IKESA

The IKESA screen allows for the review of individual peer security association statistics.

1. Select the Statistics menu from the Web UI.

2. Select System from the navigation pane (on the left-hand side of the screen). Expand an RF
Domain, select a controller or service platform, and select one of its connected Access Points.

3. Select VPN and expand the menu to reveal its sub menu items.

4. Select IKESA.

Lease Time

When a DHCP server allocates an address for a DHCP client, the client is assigned a lease (which expires
after a designated interval defined by the administrator). The lease time is the time an IP address is
reserved for re-connection after its last use. Using very short leases, DHCP can dynamically reconfigure
networks in which there are more computers than there are available IP addresses. This is useful, for
example, in education and customer environments where client users change frequently. Use longer
leases if there are fewer users.

Time Elapsed Since Last Updated

Displays the time the server was last updated.

Clear All

Select the Clear All button to clear the screen of its current status and begin a new data collection.

Refresh

Select the Refresh button to update the screen’s statistics counters to their latest values.