Use Case For Remote VPN - Motorola WS5100 Series Migration Guide

11-31
VPN

11.6 Use Case for Remote VPN

Let's take the example of a mobile unit connected to a switch. The use case is that the mobile unit wants to reach the
corporate (trusted) network securely using the switch's IPSec VPN functionality.
Figure 11.2 Configuring VPN
In Figure 11.2, a Motorola client is associated to a WLAN (say wlan1) that is attached to vlan2 on the
switch. vlan2 is on the subnet 10.1.1.x and is running a DHCP server that hands out IP addresses for this
subnet. The corporate network is on vlan3 of the switch, which has the 192.168.0.x subnet.
The client associated to wlan1 has obtained an IP address of 10.1.1.101 (let's say) and wants to access the
192.168.0.x network securely.
If the client is VPN enabled, it initiates a connection with the VPN server on the switch. The
"conversation" that occurs between the peers consists of device authentication via Internet Key Exchange
(IKE), followed by user authentication using IKE Extended Authentication (Xauth), a push of client-related
configuration (using Mode Configuration), and IPsec security association (SA) creation.
Depending on the switch IPSec configuration (as discussed in the previous sections), the client establishes
an IKE SA; if the switch is configured for Xauth, the client then waits for a "username/password" challenge
and responds to the switch's challenge.
If the switch indicates that authentication is successful, the client requests further configuration parameters
from the switch. At this stage a private IP address (mode-config) is pushed to the client from a private
address pool configured for remote VPN clients. Following this, the IPsec SAs are created and the connection is
complete.
Once the client has a virtual IP, further packets from the client within the IPSec tunnel are routed to the
corresponding VLAN interface (in our case vlan3), and so the client gets access to the corporate network. The
thing to note is that the IPSec tunnel exists only between the client and the switch. Beyond that point, the packets on the
trusted side are sent without any encryption.
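The exchange described above (IKE device authentication, the optional Xauth challenge, the mode-config address push, IPsec SA creation, and the fact that the tunnel ends at the switch) is walked through in the following simulation. It is an added example, not code from the manual or from the WS5100 firmware: the pre-shared key, the Xauth user database, the remote-client address pool (assumed to be 10.10.10.0/29) and the client address 10.1.1.101 from the figure are all constructed for the example, and the message names are labels for the phases, not wire formats.

```python
"""Simulation of the remote-VPN exchange from section 11.6 (added example, not
Motorola code). The switch side enforces the order the manual describes: no
mode-config address without an IKE SA and a passed Xauth, no IPsec SA without a
pushed address, and no forwarding without an IPsec SA."""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed values standing in for the switch's IPSec configuration.
PSK = b"constructed-preshared-key"                          # IKE device credential
USERS = {"alice": hashlib.sha256(b"s3cret").hexdigest()}    # Xauth users (constructed)
POOL = [str(ip) for ip in ipaddress.IPv4Network("10.10.10.0/29").hosts()]  # assumed pool
CLIENT_IP = "10.1.1.101"                                     # DHCP address on vlan2 (figure)
TRUSTED_VLAN, TRUSTED_NET = "vlan3", ipaddress.IPv4Network("192.168.0.0/24")


@dataclass
class Session:
    ike_sa: bool = False              # phase 1 done: device authenticated
    xauth_ok: bool = False            # user authenticated (or Xauth not configured)
    virtual_ip: Optional[str] = None  # address pushed by mode-config
    ipsec_spi: Optional[int] = None   # set once the IPsec SA exists
    log: List[Tuple[str, str]] = field(default_factory=list)


class VpnSwitch:
    """Switch side; `xauth` mirrors whether the switch is configured for Xauth."""

    def __init__(self, xauth: bool = True):
        self.xauth = xauth
        self.pool = list(POOL)

    def ike_phase1(self, s: Session, nonce: bytes, proof: bytes) -> bool:
        # Device authentication: the peer proves knowledge of the PSK over the nonce.
        expected = hmac.new(PSK, nonce, hashlib.sha256).digest()
        s.ike_sa = hmac.compare_digest(expected, proof)
        s.log.append(("switch", "IKE SA %s" % ("up" if s.ike_sa else "rejected")))
        return s.ike_sa

    def xauth_challenge(self, s: Session) -> Optional[str]:
        if not self.xauth:
            s.xauth_ok = True          # no user authentication configured
            return None
        s.log.append(("switch", "XAUTH challenge: username/password"))
        return "username/password"

    def xauth_response(self, s: Session, user: str, password: str) -> bool:
        digest = hashlib.sha256(password.encode()).hexdigest()
        s.xauth_ok = hmac.compare_digest(USERS.get(user, ""), digest)
        s.log.append(("switch", "XAUTH %s" % ("ok" if s.xauth_ok else "failed")))
        return s.xauth_ok

    def mode_config(self, s: Session) -> Optional[str]:
        if not (s.ike_sa and s.xauth_ok) or not self.pool:
            return None
        s.virtual_ip = self.pool.pop(0)   # private address from the remote-VPN pool
        s.log.append(("switch", "MODE-CFG push %s" % s.virtual_ip))
        return s.virtual_ip

    def ipsec_sa(self, s: Session) -> Optional[int]:
        if s.virtual_ip is None:
            return None
        s.ipsec_spi = secrets.randbits(32)
        s.log.append(("switch", "IPsec SA spi=0x%08x" % s.ipsec_spi))
        return s.ipsec_spi

    def forward(self, s: Session, dst: str) -> dict:
        """Decapsulate a tunnelled packet and route it; the tunnel ends here."""
        if s.ipsec_spi is None:
            raise PermissionError("no IPsec SA for this client")
        on_trusted = ipaddress.IPv4Address(dst) in TRUSTED_NET
        return {"src": s.virtual_ip, "dst": dst,
                "egress": TRUSTED_VLAN if on_trusted else "drop",
                "encrypted": False}    # cleartext on the trusted side


def tunnel_packet(s: Session, dst: str) -> dict:
    """Client side: what leaves the mobile unit on vlan2 is ESP, inner packet hidden."""
    if s.ipsec_spi is None:
        raise PermissionError("no IPsec SA")
    return {"outer_src": CLIENT_IP, "spi": s.ipsec_spi, "encrypted": True,
            "inner": {"src": s.virtual_ip, "dst": dst}}


def connect(switch: VpnSwitch, user: str, password: str) -> Session:
    """Client side: runs the exchange in the order the manual describes."""
    s = Session()
    nonce = secrets.token_bytes(16)
    if not switch.ike_phase1(s, nonce, hmac.new(PSK, nonce, hashlib.sha256).digest()):
        return s
    if switch.xauth_challenge(s) is not None:       # wait for the challenge if Xauth is on
        s.log.append(("client", "XAUTH response for %s" % user))
        if not switch.xauth_response(s, user, password):
            return s
    s.log.append(("client", "MODE-CFG request"))
    if switch.mode_config(s) is None:
        return s
    switch.ipsec_sa(s)
    return s


if __name__ == "__main__":
    sw = VpnSwitch(xauth=True)
    sess = connect(sw, "alice", "s3cret")
    for side, msg in sess.log:
        print("%-6s %s" % (side, msg))
    print(tunnel_packet(sess, "192.168.0.10"))   # encrypted on vlan2
    print(sw.forward(sess, "192.168.0.10"))      # cleartext on vlan3
```

Running the block prints the two-sided log and then the same packet twice: once as it leaves the client (ESP, encrypted) and once as the switch emits it on vlan3 (plain). That second line is the caveat from the text made concrete: confidentiality holds only up to the switch, so anything sensitive on the trusted side still relies on that network's own controls.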
