
Auto ipsec tunnel – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003100-01


Define the following IKE Dead Peer Detection settings:

DPD Keep Alive
Define the interval (or frequency) of IKE keep alive messages for dead peer detection. Options
include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 30 seconds.

DPD Retries
Use the spinner control to define the number of keep alive messages sent to an IPSec VPN client
before the tunnel connection is defined as dead. The available range is from 1 - 100. The default
number of messages is 5.

NAT Keep Alive
Define the interval (or frequency) of NAT keep alive messages for dead peer detection. Options
include Seconds (10 - 3,600), Minutes (1 - 60) and Hours (1). The default setting is 20 seconds.

Cookie Challenge Threshold
Use the spinner control to define the threshold (1 - 100) that, when exceeded, enables the cookie
challenge mechanism.

Crypto NAT Pool
Use the drop-down menu to select the NAT pool for internal source NAT for IPSec tunnels.

Select OK to save the updates made to the Global Settings screen. Selecting Reset reverts the
screen to its last saved configuration.

Auto IPSec Tunnel

Profile Security Configuration

IPSec tunnels are established to secure traffic (both data and management traffic) from access
points to remote wireless controllers. Secure tunnels must be established between access points
and the wireless controller with minimum configuration pushed through DHCP option settings.

1. Select the Configuration tab from the Web UI.

2. Select Devices.

3. Select System Profile from the options on the left-hand side of the UI.

4. Expand the Security menu and select Auto IPSec Tunnel.

FIGURE 72 Profile Security – Auto IPSec Tunnel screen
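
The Cookie Challenge Threshold setting described on this page gates the IKEv2 cookie mechanism (RFC 7296, section 2.6), which makes an initiator prove it can receive traffic at its source address before the responder allocates state. The following Python code is an added example, not Brocade code: it assumes the threshold counts half-open IKE SAs (the page does not say what is counted), and the class name, the HMAC-SHA256 cookie construction and the sample addresses are illustrative choices.

```python
import hashlib
import hmac
import os

class IkeResponder:
    """Hypothetical IKEv2 responder showing the cookie challenge (RFC 7296, 2.6)."""

    def __init__(self, cookie_threshold):
        if not 1 <= cookie_threshold <= 100:      # range given on this page
            raise ValueError("threshold must be 1-100")
        self.threshold = cookie_threshold
        self.secret = os.urandom(32)              # local secret, rotated in practice
        self.half_open = set()                    # assumption: counts half-open SAs

    def _cookie(self, src_ip, spi_i, nonce_i):
        # Stateless: the cookie is recomputed from the packet, never stored.
        msg = nonce_i + src_ip.encode() + spi_i
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def handle_sa_init(self, src_ip, spi_i, nonce_i, cookie=None):
        """Return ("COOKIE", value) to challenge, or ("ACCEPT", None)."""
        if len(self.half_open) > self.threshold:  # "when exceeded": challenge is on
            expected = self._cookie(src_ip, spi_i, nonce_i)
            if cookie is None or not hmac.compare_digest(cookie, expected):
                return ("COOKIE", expected)       # no state kept for this peer
        self.half_open.add((src_ip, spi_i))       # state is allocated only here
        return ("ACCEPT", None)

    def complete(self, src_ip, spi_i):
        """IKE_AUTH finished (or timed out): the SA is no longer half-open."""
        self.half_open.discard((src_ip, spi_i))


def demo():
    r = IkeResponder(cookie_threshold=3)
    # Constructed traffic: 4 sources that never finish the exchange.
    for i in range(4):
        r.handle_sa_init(f"198.51.100.{i}", bytes([i]) * 8, os.urandom(16))
    # Threshold now exceeded: a new initiator is challenged, no state is added.
    ip, spi, nonce = "203.0.113.7", b"\xaa" * 8, os.urandom(16)
    first = r.handle_sa_init(ip, spi, nonce)
    before = len(r.half_open)
    # A reachable peer returns the cookie in its retry and is accepted.
    second = r.handle_sa_init(ip, spi, nonce, cookie=first[1])
    return first[0], before, second[0], len(r.half_open)
```

A lower threshold turns the challenge on sooner under load at the cost of an extra round trip for legitimate peers; a higher one lets more unauthenticated state accumulate before the challenge starts.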