
Extreme Networks Summit WM3000 Series - Page 33

513 pages
Summit WM3000 Series Controller System Reference Guide 33
A VPN provides secure access between two subnets separated by an unsecured network.
There are two types of VPNs:
- Site-Site VPN — For example, traffic from one company branch office to another branch office, with
  an unsecured link between the two locations.
- Remote VPN — Gives remote users the ability to access company resources from outside the company
  premises.
The controller supports:
- IPSec termination for site to site
- IPSec termination for remote access
- IPSec traversal of firewall filtering
- IPSec traversal of NAT
- IPSec/L2TP (client to controller)
NAT
Network Address Translation (NAT) is supported for packets routed by the controller. The following types
of NAT are supported:
- Port NAT — Port NAT (also known as NAPT) maps multiple local addresses to a single
  global address and a dynamic port number. The user is not required to configure any NAT IP
  address. Instead, the IP address of the controller's public interface is used to NAT packets going out
  from the private network, and vice versa for packets entering the private network.
- Static NAT — Static NAT is similar to Port NAT, with the only difference being that it allows the user
  to configure a source NAT IP address and/or destination NAT IP address to which all packets
  are translated. The source NAT IP address is used when hosts on a private network are trying to
  access a host on a public network. A destination NAT IP address can be used for public hosts to talk
  to a host on a private network.
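The difference between the two NAT types can be seen in a simplified model. This is an added example, not code from the guide or the controller; the class names, the starting port and the addresses (documentation ranges) are assumptions, and the Static NAT model leaves out port handling.

```python
# Simplified model of Port NAT and Static NAT (constructed addresses, hypothetical names).
import itertools

class PortNat:
    """NAPT: private hosts share the public interface IP; a dynamic port marks each flow."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:              # first packet of a new flow
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key])

    def inbound(self, dst_port):
        # In this model, no mapping means no private host opened the flow: None.
        return self.back.get(dst_port)

class StaticNat:
    """Static NAT: the administrator configures the translated addresses."""
    def __init__(self, source_nat_ip=None, destination_map=None):
        self.source_nat_ip = source_nat_ip
        self.destination_map = destination_map or {}  # public_ip -> private_ip

    def outbound(self, src_ip):
        # A private host reaching a public host uses the configured source NAT IP.
        return self.source_nat_ip or src_ip

    def inbound(self, dst_ip):
        # A public host reaches a private host only through a configured destination NAT IP.
        return self.destination_map.get(dst_ip)

def demo():
    pnat = PortNat("203.0.113.1")
    a = pnat.outbound("192.168.1.10", 5000)
    b = pnat.outbound("192.168.1.11", 5000)
    snat = StaticNat("203.0.113.5", {"203.0.113.6": "192.168.1.20"})
    return {
        "napt_a": a, "napt_b": b,
        "napt_reply": pnat.inbound(a[1]), "napt_unsolicited": pnat.inbound(50000),
        "static_out": snat.outbound("192.168.1.10"), "static_in": snat.inbound("203.0.113.6"),
    }

if __name__ == "__main__":
    print(demo())
```

A destination NAT entry is a standing path from the public network to one private host, so each entry is worth reviewing alongside the firewall rules that cover that host.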
Certificate Management
Certificate Management provides a standardized procedure to:
- Generate a server certificate request and upload the server certificate signed by a certificate authority
  (CA)
- Upload a CA's root certificate
- Create a self-signed certificate
Certificate management is used by the HTTPS, VPN, HOTSPOT and RADIUS applications. For
information on configuring controller certificate management, see “Creating Server Certificates” on
page 411.
NAC
Using Network Access Control (NAC), the controller hardware and software grant access to specific
network resources. NAC performs a user and MU authorization check for resources that do not have a
NAC agent. NAC verifies an MU’s compliance with the controller’s security policy. The controller
supports only the EAP/802.1x type of NAC. However, the controller also provides a means to bypass