Configuring Ipsec Vpn - Brocade Communications Systems RFS6000 System Reference Manual

Local Identity Specifies the address the local IKE peer uses to identify itself to the remote peer.
Remote Identity Specifies the address the remote IKE peer uses to identify itself to a local peer.
Number of During IKE negotiations the peers must identify themselves to each other. This value is helpful in determining the
Negotiations network address information used to validate peers.
Number of Bytes Displays the number of bytes passed between the peers for the specified index.
4. Select an index and click the Details button to display a more robust set of statistics for the
5. Click the Stop Connection button to terminate the statistic collection of the selected IKE peer.

Configuring IPSec VPN

Use IPSec Virtual Private Network (VPN) to define secure tunnels between two peers. Configure
which packets are sensitive and should be sent through secure tunnels, and what should be used
to protect these sensitive packets. Once configured, an IPsec peer creates a secure tunnel and
sends the packet through the tunnel to the remote peer.
IPSec tunnels are sets of security associations (SA) established between two peers. The security
associations define which protocols and algorithms are applied to sensitive packets, and what
keying material is used by the two peers. Security associations are unidirectional and established
per security protocol.
To configure IPSec security associations, Brocade uses the Crypto Map entries. Crypto Map entries
created for IPSec pull together the various parts used to set up IPSec security associations. Crypto
Map entries include transform sets. A transform set is an acceptable combination of security
protocols, algorithms and other settings to apply to IPSec protected traffic.
The Internet Key Exchange (IKE) protocol is a key management protocol standard used in
conjunction with the IPSec standard. IKE automatically negotiates IPSec security associations and
enables IPSec secure communications without costly manual configuration. To support IPSec VPN
functionality, the following configuration activities are required:
•
Brocade Mobility RFS4000, RFS6000, and RFS7000 System Reference Guide
53-1002515-01
selected index.
Use this information to discern whether changes to an existing IKE configuration is warranted
or if a new configuration is required.
Configure a DHCP Sever to assign public IP address
An IPSec client needs an IP address before it can connect to the VPN Server and create an
IPSec tunnel. A DHCP Server needs to be configured on the interface to distribute public IP
addresses to the IPSec clients.
6
399