Table of Contents
Advertisement
5
Global Configuration commands
5. Specify the authentication type.
6. Create a transform set.
7.
8. Apply the crypto map to interface vlan2.
9. Upon a successful connection, the XP client will obtain a virtual IP address.
Use Case 2: Configuring Site-to-Site VPN
Intranets use unregistered addresses connected over the public internet by site-to-site VPN. In this
scenario, NAT is required for the connections to the public internet. However NAT is not required for
traffic between the two intranets, which can be transmitted using a VPN tunnel over the public
Internet.
The site-to-site VPN allows branch office mobility controllers to connect back to the central office
using a secure, encrypted tunnel, for all site-to-site traffic. This allows a wired LAN in the branch
office to bridge directly to the central site while maintaining full security.
This example requires two controllers. It can be configured with the following commands:
242
RFController(config)#crypto isakmp client configuration group default
RFController(config-crypto-group)#dns 10.1.1.1
RFController(config-crypto-group)#wins 10.1.1.1
RFController(config)# aaa vpn-authentication local
RFController(config)# local username harry password brocade123
RFController(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac
RFController(config-crypto-ipsec)#mode transport
Specify a dynamic crypto map.
RFController(config)#crypto map TestMap 30 ipsec-isakmp dynamic
RFController(config-crypto-map)#set peer 0.0.0.0
RFController(config-crypto-map)#match address 101
RFController(config-crypto-map)#set transformset windows
RFController(config-crypto-map)#set remote-type ipsec-l2tp
RFController(config)#interface vlan2
RFController(config-if)cryto map TestMap
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
- Quick Links:
- Common Commands
- Show
Hide quick links:
Advertisement
Table of Contents
