Configuring auto key settings – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual

224

Brocade Mobility 7131 Access Point Product Reference Guide

53-1002517-01

6

The Inbound and Outbound SPI settings are required to be interpolated to function
correctly. For example:

•

AP1 Inbound SPI = 800

•

AP1 Outbound SPI = 801

•

AP2 Inbound SPI = 801

•

AP2 Outbound SPI = 800

4. Click Ok to return to the VPN screen. Click Apply to retain the settings made on the Manual Key

Settings screen.

5. Click Cancel to return to the VPN screen without retaining the changes made to the Manual

Key Settings screen.

Configuring Auto Key Settings

The Mobility 7131 Access Point’s Network Management System can automatically set encryption
and authentication keys for VPN access. Use the Auto Key Settings screen to specify the type of
encryption and authentication, without specifying the keys. To manually specify keys, cancel out of
the Auto Key Settings screen, select the Manual Key Exchange radio button, and set the keys within
the Manual Key Setting screen.

To configure auto key settings for the Mobility 7131 Access Point:

1. Select Network Configuration -> WAN -> VPN from the Mobility 7131 Access Point menu tree.

2. Refer to the VPN Tunnel Config field, select the Auto (IKE) Key Exchange radio button and click

the Auto Key Settings button.

ESP Authentication
Algorithm

Select the authentication algorithm to use with ESP. This option is available only when

ESP

with Authentication

was selected for the ESP type. Options include:

•

MD5 - Enables the Message Digest 5 algorithm, which requires 128-bit
(32-character hexadecimal) keys.

•

SHA1 - Enables Secure Hash Algorithm 1, which requires 160-bit
(40-character hexadecimal) keys.

Inbound ESP
Authentication Key

Define a key for computing the integrity check on the inbound traffic with the selected
authentication algorithm. The key must be 32/40 (for MD5/SHA1) hexadecimal (0-9, A-F)
characters in length. The key must match the corresponding outbound key on the remote
security gateway.

Outbound ESP
Authentication Key

Enter a key for computing the integrity check on outbound traffic with the selected
authentication algorithm. The key must be 32/40 (for MD5/SHA1) hexadecimal (0-9, A-F)
characters in length. The key must match the corresponding inbound key on the remote
security gateway.

Inbound SPI (Hex)

Define an (up to) six-character (maximum) hexadecimal value to identify the inbound
security association created by the encryption algorithm. The value must match the
corresponding outbound SPI value configured on the remote security gateway.

Outbound SPI (Hex)

Enter an (up to) six-character (maximum) hexadecimal value to identify the outbound
security association created by the encryption algorithm. The value must match the
corresponding inbound SPI value configured on the remote security gateway.