Use Case: Remote VPN; Network Overview - Motorola WS5100 Series Switch Migration Guide

3-18 WS5100 Series Switch Migration Guide

3.4 Use Case: Remote VPN

In this scenario a mobile unit associated wirelessly to a WS5100 switch needs to reach a corporate network (the
trusted network) securely, using the switch's IPsec VPN functionality.
In the accompanying diagram, a Motorola client is associated to WLAN1, which is mapped to VLAN1 on the switch.
VLAN1 carries the 157.235.188.x subnet and runs a DHCP server that supplies IP addresses for that subnet. The
corporate network is on VLAN3 of the switch, which uses the 192.168.0.x subnet.
The two networks use unregistered addresses and are connected across the public Internet by a site-to-site VPN.
In this example NAT is required for connections to the public Internet, but it is not required for traffic between
the two networks, which is carried inside the VPN tunnel over the public Internet. This allows a wired LAN at a
branch office to be bridged directly to the central site while maintaining security.

3.4.1 Network Overview

The Motorola client in this example is associated with WLAN1 and has received the IP address 157.235.188.4
from the DHCP server on VLAN1. The client wants to reach the 192.168.0.x network securely. This is accomplished
with the switch's IPsec, IKE and XAuth VPN features.
If the client is VPN-enabled, it initiates a connection to the VPN server on the switch. The client and server
first perform device authentication via Internet Key Exchange (IKE), followed by user authentication via IKE
Extended Authentication (XAuth). Client-related configuration is then pushed to the client using Mode
Configuration, and an IPsec security association (SA) is created. Once the client has established an IKE SA
configured for XAuth, it must wait for a username/password challenge from the switch and then answer that
challenge with the user's username and password.
If the switch indicates that authentication was successful, the client requests further configuration
parameters from the switch. At this stage an internal IP address (virtual IP) is pushed to the client from the
pool configured under Client Mode Configuration, the IPsec SAs are created, and the connection is complete.
Note that the XAuth username and password travel inside the IKE SA negotiated in the first step, so their
protection is only as good as the device authentication that set up that SA; a weak or widely shared
pre-shared key undermines the user authentication that follows it.
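The exchange described above, as an added illustration that is not part of the guide and not WS5100 code: a
simplified model of the switch's VPN server and a mobile-unit client walking through IKE device authentication,
the XAuth challenge, the Mode Config virtual IP push from a pool on the corporate 192.168.0.x subnet, and IPsec
SA creation. Real IKE packet formats, Diffie-Hellman and cipher negotiation are replaced by a nonce/HMAC check on
a pre-shared key; the class and message names (VpnServer, VpnClient, XAUTH_CHALLENGE, CFG_REPLY) and all keys,
users and addresses are constructed for this example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed example data (not from the guide): a device pre-shared key, one XAuth
# user (password stored hashed) and a Mode Config pool on the corporate 192.168.0.x subnet.
DEVICE_PSK = b"example-device-psk"
XAUTH_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
ADDRESS_POOL = [str(ip) for ip in ipaddress.ip_network("192.168.0.0/29").hosts()]


class VpnServer:
    """Hypothetical model of the switch's VPN server side (not WS5100 code)."""
    def __init__(self, psk, users, pool):
        self.psk, self.users, self.pool = psk, dict(users), list(pool)
        self.sessions = {}  # client_id -> per-session state

    def ike_init(self, client_id):
        # IKE device authentication, step 1: issue a fresh nonce that the client
        # must MAC with the shared device key.
        nonce = secrets.token_bytes(16)
        self.sessions[client_id] = {"state": "ike_init", "nonce": nonce}
        return {"type": "IKE_NONCE", "nonce": nonce}

    def ike_auth(self, client_id, mac):
        # IKE device authentication, step 2: verify the MAC, then issue the XAuth
        # challenge. No configuration is released at this stage.
        s = self.sessions.get(client_id)
        if s is None or s["state"] != "ike_init":
            return {"type": "IKE_FAIL", "reason": "no pending IKE exchange"}
        expected = hmac.new(self.psk, s["nonce"], hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            del self.sessions[client_id]
            return {"type": "IKE_FAIL", "reason": "device authentication failed"}
        s["state"] = "ike_sa"
        return {"type": "XAUTH_CHALLENGE", "attributes": ["username", "password"]}

    def xauth_reply(self, client_id, username, password):
        # XAuth user authentication: only accepted once an IKE SA exists.
        s = self.sessions.get(client_id)
        if s is None or s["state"] != "ike_sa":
            return {"type": "XAUTH_FAIL", "reason": "no IKE SA"}
        stored = self.users.get(username)
        offered = hashlib.sha256(password.encode()).hexdigest()
        if stored is None or not hmac.compare_digest(offered, stored):
            del self.sessions[client_id]  # tear down the IKE SA on bad credentials
            return {"type": "XAUTH_FAIL", "reason": "bad credentials"}
        s.update(state="xauth_ok", user=username)
        return {"type": "XAUTH_OK"}

    def mode_config_request(self, client_id):
        # Mode Config: push a virtual IP from the pool and create the IPsec SA.
        # Refused unless XAuth succeeded, so an unauthenticated peer never learns
        # an internal address.
        s = self.sessions.get(client_id)
        if s is None or s["state"] != "xauth_ok":
            return {"type": "CFG_FAIL", "reason": "not authenticated"}
        if not self.pool:
            return {"type": "CFG_FAIL", "reason": "address pool exhausted"}
        vip = self.pool.pop(0)
        s.update(state="ipsec_sa", virtual_ip=vip, spi=secrets.token_hex(4))
        return {"type": "CFG_REPLY", "virtual_ip": vip, "netmask": "255.255.255.0", "spi": s["spi"]}


class VpnClient:
    """Hypothetical mobile-unit side, driving the exchange in the guide's order."""
    def __init__(self, client_id, psk, username, password):
        self.client_id, self.psk = client_id, psk
        self.username, self.password = username, password

    def connect(self, server):
        msg = server.ike_init(self.client_id)
        mac = hmac.new(self.psk, msg["nonce"], hashlib.sha256).digest()
        resp = server.ike_auth(self.client_id, mac)
        if resp["type"] != "XAUTH_CHALLENGE":
            return {"status": "ike_failed", "reason": resp["reason"]}
        # The client waits for the challenge before sending user credentials.
        resp = server.xauth_reply(self.client_id, self.username, self.password)
        if resp["type"] != "XAUTH_OK":
            return {"status": "xauth_failed", "reason": resp["reason"]}
        cfg = server.mode_config_request(self.client_id)
        if cfg["type"] != "CFG_REPLY":
            return {"status": "config_failed", "reason": cfg["reason"]}
        return {"status": "connected", "virtual_ip": cfg["virtual_ip"], "spi": cfg["spi"]}


def run_scenarios(pool=ADDRESS_POOL):
    """Happy path plus the failure modes a practitioner should expect to see."""
    server = VpnServer(DEVICE_PSK, XAUTH_USERS, pool)
    return {
        "good": VpnClient("mu-1", DEVICE_PSK, "alice", "correct horse").connect(server),
        "bad_password": VpnClient("mu-2", DEVICE_PSK, "alice", "wrong").connect(server),
        "bad_psk": VpnClient("mu-3", b"not-the-psk", "alice", "correct horse").connect(server),
        "skip_xauth": server.mode_config_request("mu-99"),  # asks for config without any auth
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The ordering enforced by the server's state machine is the security-relevant part: the virtual IP and SA
parameters are handed out only after both device and user authentication have passed, a failed XAuth tears
down the IKE SA rather than leaving it half-open, and an exhausted pool fails the connection cleanly instead of
reusing an address.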
