Extreme Networks Altitude 4700 Series Product Reference Manual page 643

Question 2: Even if a wildcard entry of "0.0.0.0" is entered in the Remote Subnet field in the VPN
●
configuration page, can the AP access multiple subnets on the other end of a VPN concentrator
for the APs LAN/WAN side?
No. Using a "0.0.0.0" wildcard is an unsupported configuration. In order to access multiple subnets,
the steps in Question #1 must be followed.
Question 3: Can the AP be accessed via its LAN interface of AP#1 from the local subnet of AP#2
●
and vice versa?
Yes.
Question 4: Will the default "Manual Key Exchange" settings work without making any changes?
●
No. Changes need to be made. Enter Inbound and Outbound ESP Encryption keys on both APs.
Each one should be of 16 Hex characters (depending on the encryption or authentication scheme
used). The VPN tunnel can be established only when these corresponding keys match. Ensure the
Inbound/Outbound SPI and ESP Authentication Keys have been properly specified.
Question 5: Can an IPSec tunnel over a PPPoE connection be established - such as a PPPoE
●
enabled DSL link?
Yes. The Access Point supports tunneling when using a PPPoE username and password.
Question 6: Can I setup an Access Point so clients can access both the WAN normally and only
●
use the VPN when talking to specific networks?
Yes. Only packets that match the VPN Tunnel Settings will be sent through the VPN tunnel. All
other packets will be handled by whatever firewall rules are set.
Question 7: How do I specify which certificates to use for an IKE policy from the Access Point
●
certificate manager?
When generating a certificate to use with IKE, use one of the following fields: IP address, Domain
Name, or Email address. Also, make sure you are using NTP when attempting to use the certificate
manager. Certificates are time sensitive.
Configure the following on the IKE Settings page:
Local ID type refers to the way that IKE selects a local certificate to use.
IP—tries the match the local WAN IP to the IP addresses specified in a local certificate.
●
FQDN—tries to match the user entered local ID data string to the domain name field of the
●
certificate.
UFQDN—tries to match the user entered local ID data string to the email address field of the
●
certificate.
Remote ID type refers to the way you identify an incoming certificate as being associated with the
●
remote side.
IP—tries the match the remote gateway IP to the IP addresses specified in the received certificate.
●
FQDN—tries to match the user entered remote ID data string to the domain name field of the
●
received certificate.
Altitude 4700 Series Access Point Product Reference Guide
643