Setting Up Vpn Security; Configuring Manual Key Exchange - Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual

3. Select the subnet that will be the local end of the tunnel from the
4. Specify the IP address to use for the local WAN
IP addresses specified in the WAN screen.
5. Specify the IP address for the
Remote Subnet is the remote end of the VPN tunnel. This field accepts 0.0.0.0 as the remote subnet IP
address.
6. Specify the IP address for the
7. Click the Apply

4.5.2 Setting Up VPN Security

The WS 2000 Wireless Switch provides several different options for VPN security, all based upon encryption
key exchange:
1. Manual Key Exchange
be used for VPN access.
A transform set is a combination of security protocols and algorithms that are applied to IPSec protected
traffic. A transform set specifies one or two IPSec security protocols (either AH, ESP, or both) and
specifies which algorithms to use with the selected security protocol. During security association (SA)
negotiation, both gateways agree to use a particular transform set to protect the data flow.
If you specify an ESP protocol in a transform set, you can specify just an ESP encryption transform or both
an ESP encryption transform and an ESP authentication transform. When a particular transform set is
used during negotiations for IPSec SAs, the entire transform set (the combination of protocols,
algorithms, and other settings) must match the transform set at the remote end of the gateway.
2. Automatic Key Exchange
authentication keys for VPN access. The Auto Key Settings subscreen provides the means to specify the
type of encryption and authentication, without specifying the keys.
3. Internet Key Exchange (IKE)
negotiation, and remote host or network access. IKE provides an automatic means of negotiation and
authentication for communication between two or more parties. IKE manages IPSec keys automatically
for the parties.
Each of these options requires some configuration, as described below.

4.5.3 Configuring Manual Key Exchange

1. Select the Manual Key Exchange
2. Click the Manual Key Settings
appears. The setup process requires specifying both the authentication and the encryption methods and
keys.
Remote Subnet
Remote Gateway.
button to save the changes.
uses the Manual Key Settings
enables the WS 2000 Wireless Switch to automatically set encryption and
protocol is an IPSec standard protocol used to ensure security for VPN
radio button.
button to specify the encryption method and the following screen
Local Subnet
(Local Wan IP), which should be one of the (up to) eight
along with its subnet mask
screen to specify the transform sets that will
4-15
WAN Configuration
menu.
(Remote Subnet Mask).