
Alcatel-Lucent AOS-W 6.5.3.x - Page 248

1160 pages
248| BranchSwitch Config for Cloud Services Switches AOS-W 6.5.3.x| User Guide
Parameter / Description

Peer Gateway
    Define the peer gateway.
    If you selected IP Address for the Peer Gateway Type option, enter the
    appropriate IP address:
    - If you are configuring an IPsec map for a dynamically addressed remote
      peer, give the peer gateway a default value of 0.0.0.0.
    - If you are configuring an IPsec map for a statically addressed remote
      peer, enter the IP address of the interface used by the remote peer to
      connect to the L3 network.
    If you selected FQDN for the Peer Gateway Type option, enter the fully
    qualified domain name for the remote peer.

Peer Certificate Subject Name
    If you use IKEv2 to establish a site-to-site VPN for a statically addressed
    remote peer, identify the peer device by entering its certificate subject
    name in the Peer Certificate Subject Name field.
    NOTE: This field is not enabled until you select the Certificate option for
    authentication at the bottom of the VPN tab. To identify a peer
    certificate's subject name, issue the
    show crypto-local pki servercert <certname> subject
    command in the master switch command-line interface.

Security Association Lifetime (seconds)
    Configures the lifetime for the security association (SA), in seconds.

Security Association Lifetime (Kilobytes)
    Specifies the amount of traffic (in kilobytes) that can pass between IPsec
    peers in the local and remote networks before the security association
    expires.

Version
    Click the drop-down list and select None (to create an IPsec map that
    doesn't use IKE), IKEv1 or IKEv2.

IKE policies
    Select a predefined IKE policy, or a policy manually defined on the
    Configuration > Advanced > VPN Services > IPsec page of the master switch
    WebUI. For more information on creating IKE policies, see Configuring IKE
    Policies on page 358.

Factory Certificate Authentication
    Select this option to use factory-installed TPM (Trusted Platform Module)
    certificates for VPN authentication.

VLAN
    Select the VLAN containing the interface of the local branch switch that
    connects to the Layer-3 network. This setting determines the source IP
    address used to initiate IKE. If you select None, the default is the VLAN
    of the switch’s IP address (either the VLAN where the loopback IP is
    configured, or VLAN 1 if no loopback IP is configured).
