Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003100-01
Overriding Auto IPSec Tunnel Settings
Overriding a Security Configuration
IPSec tunnels are established to secure traffic, both data and management traffic, from access
points to remote wireless controllers. Secure tunnels must be established between access points
and the wireless controller with minimum configuration pushed through DHCP option settings.
1. Select Devices from the Configuration tab.
2. Select Device Overrides from the Device menu to expand it into sub menu options.
3. Select a target device from the device browser in the lower, left-hand side of the UI.
4. Select Security to expand its sub menu options.
5. Select Auto IPSec Tunnel to configure its parameters.

FIGURE 183 Device Overrides - Security - Auto IPSec Tunnel screen

6. Refer to the following table to override the Auto IPSec tunnel settings:

Group ID
    Configure the ID string used for IKE authentication. String length can be between 1-64 characters.
Authentication Type
    Set the IPSec Authentication Type. Options include PSK (Pre Shared Key) or rsa.
Authentication Key
    Set the common key used for authentication with the remote tunnel peer. Key length is between 8-21 characters.
IKE Version
    Configure the IKE version to use. The available options are ikev1-main, ikev1-aggr and ikev2.
Enable NAT after IPSec
    Select this option to enable NAT after IPSec. Enable this if there are NATted networks behind VPN tunnels.
Use Unique ID
    When different access points behind different NAT boxes/routers have the same IP address, a tunnel cannot be created between the wireless controller and the access point, because the wireless controller fails to identify the access point uniquely. When selected, each access point behind the same NAT box/router will have a unique ID, which is used to create the VPN tunnel.

7. Select OK to save the updates made to the Auto IPSec Tunnel screen. Selecting Reset reverts the screen to its last saved configuration.
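
The limits and options in the table can be checked before an override is saved. The following is an added example, not code from the guide or from Brocade: the dictionary keys (ip, group_id, auth_type, auth_key, ike_version, use_unique_id), the device names and the sample values are hypothetical, and the single-character-class warning is an example policy rather than a product rule.

```python
from collections import defaultdict

# Dict keys such as "group_id" are hypothetical labels for the table rows.
AUTH_TYPES = {"psk", "rsa"}
IKE_VERSIONS = {"ikev1-main", "ikev1-aggr", "ikev2"}

def audit_device(cfg):
    """Return (severity, message) findings for one device's override."""
    out = []
    if not 1 <= len(cfg.get("group_id", "")) <= 64:
        out.append(("error", "Group ID must be 1-64 characters"))
    auth, ike = cfg.get("auth_type"), cfg.get("ike_version")
    if auth not in AUTH_TYPES:
        out.append(("error", f"unsupported authentication type: {auth!r}"))
    if ike not in IKE_VERSIONS:
        out.append(("error", f"unsupported IKE version: {ike!r}"))
    if auth == "psk":  # assumption: the key field only matters for PSK
        key = cfg.get("auth_key", "")
        if not 8 <= len(key) <= 21:
            out.append(("error", "Authentication Key must be 8-21 characters"))
        elif key.isdigit() or key.isalpha():  # example policy, not a product rule
            out.append(("warn", "PSK uses a single character class"))
        if ike == "ikev1-aggr":
            out.append(("warn", "PSK with IKEv1 aggressive mode allows offline key guessing"))
    return out

def audit_fleet(devices):
    """Audit each device, then flag APs sharing an IP without Use Unique ID."""
    report = {name: audit_device(cfg) for name, cfg in devices.items()}
    by_ip = defaultdict(list)
    for name, cfg in devices.items():
        if cfg.get("ip"):
            by_ip[cfg["ip"]].append(name)
    for ip, names in by_ip.items():
        for name in names if len(names) > 1 else []:
            if not devices[name].get("use_unique_id"):
                report[name].append(("error", f"IP {ip} is shared; select Use Unique ID"))
    return report

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "ap-branch-1": {"ip": "192.168.1.10", "group_id": "branch", "auth_type": "psk",
                    "auth_key": "12345678", "ike_version": "ikev1-aggr"},
    "ap-branch-2": {"ip": "192.168.1.10", "group_id": "branch", "auth_type": "psk",
                    "auth_key": "c0rrect-Horse-9!", "ike_version": "ikev2", "use_unique_id": True},
    "ap-hq-1": {"ip": "10.0.0.5", "group_id": "", "auth_type": "rsa", "ike_version": "ikev2"},
}

if __name__ == "__main__":
    print(audit_fleet(SAMPLE))
```

Errors mark values outside the ranges the table documents or a shared address without Use Unique ID; warnings mark settings that are accepted but weaken the pre-shared key.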