Summit WM3000 Series Controller System Reference Guide 367
The IKE configuration is defined by the following:
● Defining the IKE Configuration
● Setting IKE Policies
● Viewing SA Statistics
By default, the IKE feature is enabled. Extreme Networks does not support disabling the IKE server.
The default isakmp policy will not be picked up for IKE negotiation if another crypto isakmp policy is created. For
the default isakmp policy to be picked up for AP adoption you must first create the default isakmp policy as a new
policy with default parameters. This needs to be done if multiple crypto isakmp policies are needed in the controller
configuration.
Defining the IKE Configuration
Refer to the Configuration tab to enable (or disable) IKE and define the IKE identity (for exchanging
identities) and aggressive mode. Aggressive mode reduces messages exchanged when establishing IKE
SAs (used in phase 2).
Use IKE to specify IPSec tunnel attributes for an IPSec peer and initiate an IKE aggressive mode
negotiation with the tunnel attributes. This feature is best implemented in a crypto hub scenario. Users
initiate IKE aggressive mode negotiation with the controller using pre-shared keys specified as tunnel
attributes. This scenario is scalable since the keys are kept at a central repository (the Radius server) and
more than one controller and application can use the information.
To view the current set of IKE configurations:
1 Select Security > IKE Settings from the main menu tree.
2 Click the Configurations tab.
To Next Page
Loading...