Frequently asked VPN questions – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual
53-1002516-01
Configuring an IPSEC tunnel and VPN FAQs
B
18. Check the VPN Status screen. Notice the status displays "NOT_ACTIVE". This screen automatically refreshes to get the current status of the VPN tunnel. Once the tunnel is active, the IKE_STATE changes from NOT_CONNECTED to SA_MATURE.
19. On access point #2 / Device #2, repeat the same procedure. However, replace access point #2 information with access point #1 information.
20. Once both tunnels are established, ping each side of the tunnel to ensure connectivity.

Frequently asked VPN questions
The following are common questions that arise when configuring a VPN tunnel.
• Question 1: Does the access point IPSec tunnel support multiple subnets on the other end of a VPN concentrator?
  Yes. The access point can access multiple subnets on the other end of the VPN concentrator from the access point's Local LAN Subnet by:
  • Creating multiple VPN tunnels. The AP supports a maximum of 25 tunnels.
  • Using the Remote Subnet IP Address with an appropriate subnet mask, which lets the AP access multiple subnets on the remote end.
  For example: If creating a tunnel using 192.168.0.0/16 for the Remote Subnet IP address, the following subnets could be accessed:
  192.168.1.x
  192.168.2.x
  192.168.3.x, etc.
• Question 2: Even if a wildcard entry of "0.0.0.0" is entered in the Remote Subnet field in the VPN configuration page, can the AP access multiple subnets on the other end of a VPN concentrator for the AP's LAN/WAN side?
  No. Using a "0.0.0.0" wildcard is an unsupported configuration. In order to access multiple subnets, the steps in Question #1 must be followed.
• Question 3: Can AP#1 be accessed via its LAN interface from the local subnet of AP#2, and vice versa?
  Yes.
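
The rules in Questions 1 and 2 can be checked before a tunnel plan is entered on the AP. The following is an added example, not part of the Brocade guide or the AP's own software: the function name and input format are hypothetical, and the /24 masks for the 192.168.1.x style subnets and the 10.1.0.0/24 entry are constructed sample values.

```python
import ipaddress

MAX_TUNNELS = 25  # per Question 1: the AP supports a maximum of 25 tunnels


def check_tunnel_plan(tunnel_remote_subnets, required_subnets):
    """Validate planned Remote Subnet entries (one per tunnel).

    Hypothetical helper. Returns (errors, coverage), where coverage maps
    each required remote subnet to the tunnel entry that contains it,
    or None when no tunnel reaches it.
    """
    errors = []
    if len(tunnel_remote_subnets) > MAX_TUNNELS:
        errors.append(
            f"{len(tunnel_remote_subnets)} tunnels exceeds the limit of {MAX_TUNNELS}"
        )

    selectors = []
    for entry in tunnel_remote_subnets:
        net = ipaddress.ip_network(entry, strict=False)
        # Question 2: a 0.0.0.0 wildcard is an unsupported configuration.
        if net.network_address == ipaddress.ip_address("0.0.0.0"):
            errors.append(f"{entry}: 0.0.0.0 wildcard is an unsupported configuration")
            continue
        selectors.append(net)

    coverage = {}
    for wanted in required_subnets:
        wanted_net = ipaddress.ip_network(wanted, strict=False)
        # A required subnet is reachable only if one tunnel's Remote Subnet
        # and mask fully contain it.
        match = next((s for s in selectors if wanted_net.subnet_of(s)), None)
        coverage[wanted] = str(match) if match else None
        if match is None:
            errors.append(f"{wanted}: not reachable through any tunnel")
    return errors, coverage


if __name__ == "__main__":
    # Constructed sample: one /16 tunnel as in the FAQ, plus one subnet
    # that falls outside it.
    wanted = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "10.1.0.0/24"]
    errs, cov = check_tunnel_plan(["192.168.0.0/16"], wanted)
    for subnet, tunnel in cov.items():
        print(f"{subnet:18} -> {tunnel}")
    for e in errs:
        print("ERROR:", e)
```
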