Use Case 2: Configuring Site-to-Site VPN - Motorola RFS7000 Reference Manual

RFS Series Wireless LAN Switches

5.1.9.2 Use Case 2: Configuring Site-to-Site VPN

In this scenario, two intranets that use unregistered addresses are connected over the
public Internet by a site-to-site VPN. NAT is required for connections to the public
Internet. However, NAT is not required for traffic between the two intranets, which can be
transmitted through a VPN tunnel over the public Internet.

The site-to-site VPN allows branch office mobility controllers to connect back to the
central office using a secure, encrypted tunnel for all site-to-site traffic. This allows a
wired LAN in the branch office to bridge directly to the central site while maintaining full
security.

This example requires two switches. It can be configured with the following commands:
1. Configuration required on switch 1:
   a. Create an extended ACL. It defines which traffic uses the tunnel.
      RFSwitch(config)#access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence
   b. Create and configure ISAKMP parameters.
      RFSwitch(config)#crypto isakmp keepalive 10
      RFSwitch(config)#crypto isakmp key SYMBOLAD address 15.1.1.20
      RFSwitch(config)#crypto ipsec security-association lifetime kilobytes 4608000
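
An added example, not from the Motorola manual: a Python check over the saved commands of both switches that verifies the peer's ACL mirrors the one from step a and that the ISAKMP pre-shared key from step b is neither the sample value nor too short. The switch 2 lines, the address 15.1.1.10, the 20-character minimum and the function names are assumptions.

```python
import ipaddress
import re

# Constructed input. Switch 1 uses the commands shown above; the switch 2 lines
# and the address 15.1.1.10 are assumptions (the page does not show them).
# "<N>" stands for the rule-precedence value, which the page does not give.
SWITCH1 = """\
access-list 150 permit ip 12.1.1.0/24 13.1.1.0/24 rule-precedence <N>
crypto isakmp key SYMBOLAD address 15.1.1.20
"""
SWITCH2 = """\
access-list 150 permit ip 13.1.1.0/24 12.1.1.0/24 rule-precedence <N>
crypto isakmp key SYMBOLAD address 15.1.1.10
"""

ACL_RE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)")
KEY_RE = re.compile(r"crypto\s+isakmp\s+key\s+(\S+)\s+address\s+(\S+)")


def parse(config):
    """Return ({(src_net, dst_net)}, {peer_ip: psk}) from pasted CLI lines."""
    selectors, keys = set(), {}
    for line in config.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", line.strip())  # drop prompt
        if m := ACL_RE.match(line):
            selectors.add((ipaddress.ip_network(m[1]), ipaddress.ip_network(m[2])))
        elif m := KEY_RE.match(line):
            keys[m[2]] = m[1]
    return selectors, keys


def audit(local, remote, sample_keys=("SYMBOLAD",), min_len=20):
    """Compare both ends of the tunnel; min_len is an assumed local policy."""
    findings = []
    (l_sel, l_keys), (r_sel, r_keys) = parse(local), parse(remote)
    # The peer's ACL must be the exact mirror (source and destination swapped),
    # otherwise the two ends disagree on which traffic belongs in the tunnel.
    for src, dst in sorted(l_sel ^ {(d, s) for s, d in r_sel}):
        findings.append(f"selector {src} -> {dst} is not mirrored on both switches")
    for peer, key in l_keys.items():
        if key in sample_keys:
            findings.append(f"PSK for {peer} is a documentation sample value")
        elif len(key) < min_len:
            findings.append(f"PSK for {peer} is shorter than {min_len} characters")
    if set(l_keys.values()) != set(r_keys.values()):
        findings.append("pre-shared keys differ between the two switches")
    return findings
```

Calling `audit(SWITCH1, SWITCH2)` on the constructed pair reports only the sample pre-shared key; wrapped commands must be joined onto one line before they are passed in.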