Brocade Communications Systems RFS4000 Cli Reference Manual page 243


If the client is VPN enabled, it initiates a connection with the VPN server on our controller. The
"conversation" that occurs between the peers consists of device authentication via Internet Key
Exchange (IKE), followed by user authentication using IKE Extended Authentication (Xauth), a push
of client-related configuration (using Mode Configuration), and IPsec security association (SA)
creation.

Depending on the controller IPSec configuration (as discussed in the previous sections), the client
establishes an IKE SA, and if the controller is configured for Xauth, the client waits for a
"username/password" challenge and then responds to the challenge of the controller.

If the controller indicates that authentication is successful, the client requests further configuration
parameters from the controller. At this stage, the private IP address (mode-config) is pushed to the
client from a private address pool configured for remote VPN clients. IPsec SAs are created and
the connection is complete.

Once the client has a virtual IP, further packets from the client within the IPSec tunnel are
routed to the corresponding VLAN interface (in our case vlan3), and the client gets access to the
network. The IPSec tunnel exists only between the client and the controller. Beyond the controller,
packets on the trusted side are sent without encryption.

NOTE
The example below is for an IPSec-L2TP connection over a wireless client. Use the Windows default
client for this configuration.
1. Create and configure a WLAN.
   RFController(config)#
   RFController(config)#wireless
   RFController(config-wireless)#wlan 2 enable
   RFController(config-wireless)#wlan 2 ssid MONARCH2
   RFController(config-wireless)#wlan 2 vlan 2
2. Create and configure DHCP.
   RFController(config)#ip dhcp pool vlan2
   RFController(config-dhcp)#address range 10.1.1.2 10.1.1.254
   RFController(config-dhcp)#default-router 10.1.1.1
   RFController(config-dhcp)#network 10.1.1.0/24
3. Create and configure a VLAN interface named vlan2.
   RFController(config)#interface vlan2
   RFController(config-if)#ip address 10.1.1.1/24
4. Create and configure another VLAN interface named vlan3.
   RFController(config)#interface vlan 3
   RFController(config-if)#ip address dhcp

Use the commands below to configure IPSec VPN on the controller:

1. Create an Extended ACL.
   RFController(config-ext-nacl)#ip access-list extended 101
2. Configure the local subnet and remote subnet as interesting traffic.
   RFController(config-ext-nacl)# permit ip 10.1.1.0/24 any
   RFController(config-ext-nacl)# permit ip 192.168.0.0/24 any
3. Configure a private pool address.
   RFController(config)# ip local pool lo 192.168.0.2 hi 192.168.0.10
4. Specify DNS/WINS for the remote client.

Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
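
The address plan in this example can be checked for consistency before it is applied. The Python sketch below is an added example, not part of the Brocade manual or the controller software; the names audit and _find are hypothetical, and it assumes each "permit ip <subnet> any" entry names a subnet whose traffic is treated as interesting traffic.

```python
import ipaddress
import re

# Commands copied from the example on this page, prompts stripped.
CONFIG = """\
ip dhcp pool vlan2
address range 10.1.1.2 10.1.1.254
default-router 10.1.1.1
network 10.1.1.0/24
interface vlan2
ip address 10.1.1.1/24
ip access-list extended 101
permit ip 10.1.1.0/24 any
permit ip 192.168.0.0/24 any
ip local pool lo 192.168.0.2 hi 192.168.0.10
"""

def _find(pattern, config):
    """Return the capture groups of the first matching line, or None."""
    m = re.search(pattern, config, re.M)
    return m.groups() if m else None

def audit(config):
    """Return a list of findings; an empty list means the address plan is consistent."""
    addr = ipaddress.ip_address
    permits = [ipaddress.ip_network(n)
               for n in re.findall(r"^permit ip (\S+) any$", config, re.M)]
    net = _find(r"^network (\S+)$", config)
    lease = _find(r"^address range (\S+) (\S+)$", config)
    gw = _find(r"^default-router (\S+)$", config)
    pool = _find(r"^ip local pool lo (\S+) hi (\S+)$", config)
    if not (net and lease and gw and pool):
        return ["missing DHCP network, range, default-router or ip local pool line"]
    net, gw = ipaddress.ip_network(net[0]), addr(gw[0])
    d_lo, d_hi = addr(lease[0]), addr(lease[1])
    p_lo, p_hi = addr(pool[0]), addr(pool[1])
    findings = []
    if d_lo > d_hi or d_lo not in net or d_hi not in net:
        findings.append("DHCP range is reversed or outside the DHCP network")
    if gw not in net or d_lo <= gw <= d_hi:
        findings.append("default-router is outside the network or inside the lease range")
    # Assumption: each "permit ip <subnet> any" entry names a subnet whose
    # traffic is protected, so the whole VPN pool must fall inside one of them.
    if p_lo > p_hi or not any(p_lo in n and p_hi in n for n in permits):
        findings.append("VPN pool is reversed or not covered by an ACL permit entry")
    # Virtual IPs must not collide with addresses leased to wireless clients.
    if p_lo <= d_hi and d_lo <= p_hi:
        findings.append("VPN pool overlaps the wireless DHCP range")
    return findings
```

Running audit(CONFIG) on the values from this page returns an empty list; moving the pool into 10.1.1.0/24 or outside 192.168.0.0/24 produces a finding.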
Global Configuration commands
