Controller Security
Summit WM3000 Series Controller System Reference Guide
4 Select an index and click the Details button to display a more robust set of statistics for the selected
index.
Use this information to discern whether changes to an existing IKE configuration are warranted or if a
new configuration is required.
5 Click the Stop Connection button to terminate the statistic collection of the selected IKE peer.
Configuring IPSec VPN
Use IPSec Virtual Private Network (VPN) to define secure tunnels between two peers. Configure which
packets are sensitive and should be sent through secure tunnels, and what should be used to protect
these sensitive packets. Once configured, an IPSec peer creates a secure tunnel and sends the packet
through the tunnel to the remote peer.
IPSec tunnels are sets of security associations (SA) established between two peers. The security
associations define which protocols and algorithms are applied to sensitive packets, and what keying
material is used by the two peers. Security associations are unidirectional and established per security
protocol.
To configure IPSec security associations, Extreme Networks uses Crypto Map entries. Crypto Map
entries created for IPSec pull together the various parts used to set up IPSec security associations.
Crypto Map entries include transform sets. A transform set is an acceptable combination of security
protocols, algorithms and other settings to apply to IPSec protected traffic.
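The Python sketch below is an added example, not code or CLI syntax from this guide. It models, in simplified form, how two peers settle on a common transform set and why the agreed set yields one SA per direction per security protocol; the class, function and algorithm-label names and the sample policies are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TransformSet:  # hypothetical model, not a WM3000 configuration object
    name: str
    esp_cipher: Optional[str] = None
    esp_auth: Optional[str] = None
    ah_auth: Optional[str] = None
    mode: str = "tunnel"

    def proposal(self):
        # Only the settings are compared; the local name is never sent.
        return (self.esp_cipher, self.esp_auth, self.ah_auth, self.mode)

    def protocols(self):
        protos = ["AH"] if self.ah_auth else []
        if self.esp_cipher or self.esp_auth:
            protos.append("ESP")
        return protos

def negotiate(initiator_sets, responder_sets):
    """Simplified: first initiator set whose settings the responder also lists."""
    accepted = {ts.proposal() for ts in responder_sets}
    return next((ts for ts in initiator_sets if ts.proposal() in accepted), None)

def security_associations(local, remote, ts):
    """SAs are unidirectional and per protocol: one per (protocol, direction)."""
    return [(src, dst, proto) for proto in ts.protocols()
            for src, dst in ((local, remote), (remote, local))]

# Constructed sample policies; labels and addresses are illustrative only.
CONTROLLER = [TransformSet("strong", "aes-256", "sha-hmac"),
              TransformSet("legacy", "3des", "md5-hmac")]
PEER = [TransformSet("peer-ah-esp", "aes-256", "sha-hmac", ah_auth="sha-hmac"),
        TransformSet("peer-esp", "aes-256", "sha-hmac")]
WEAK_PEER = [TransformSet("old", "3des", "md5-hmac")]

if __name__ == "__main__":
    chosen = negotiate(CONTROLLER, PEER)
    print(chosen.name, security_associations("192.0.2.1", "198.51.100.7", chosen))
    # A peer offering only weak settings still matches while "legacy" is listed.
    print(negotiate(CONTROLLER, WEAK_PEER).name)
    # With only the strong set listed there is no common set, so no SA is built.
    print(negotiate(CONTROLLER[:1], WEAK_PEER))
```

Every transform set attached to a Crypto Map entry is one the controller is willing to negotiate, so list only combinations that meet the protection level intended for the traffic.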
The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with the IPSec standard. IKE automatically negotiates IPSec security associations and enables IPSec
secure communications without costly manual configuration. To support IPSec VPN functionality, the
following configuration activities are required:
● Configure a DHCP Server to assign public IP addresses
An IPSec client needs an IP address before it can connect to the VPN Server and create an IPSec
tunnel. A DHCP Server needs to be configured on the interface to distribute public IP addresses to
the IPSec clients.
● Configure a Crypto policy (IKE)
IKE automatically negotiates IPSec security associations and enables IPSec secure communications
without costly manual pre-configuration. IKE eliminates the need to manually specify all the IPSec

Field: Description
Index: Displays the alpha-numeric name (index) used to identify individual SAs.
Phase 1 done: Displays whether this index is completed with the phase 1 (authentication) credential exchanged between peers.
Created Date: Displays the exact date the SA was configured for each index displayed.
Local Identity: Specifies the address the local IKE peer uses to identify itself to the remote peer.
Remote Identity: Specifies the address the remote IKE peer uses to identify itself to a local peer.
Number of Negotiations: During IKE negotiations the peers must identify themselves to each other. This value is helpful in determining the network address information used to validate peers.
Number of Bytes: Displays the number of bytes passed between the peers for the specified index.