IPSec tunnels are established to secure traffic, data and management traffic, from access points to remote wireless controllers. Secure tunnels must be established between access points and the wireless controller with minimum configuration pushed through DHCP option settings.
Note
WiNG 7.1 release is not supported on AP505i and AP510i model access points. This feature will be supported in future releases,To define or override a profile's Auto IPSec tunnel configuration:
| Group ID | Configure the ID string used for IKE authentication. String length can be between 1 and 64 characters. |
| Authentication Type | Set the IPSec Authentication Type. Options include PSK (Pre Shared Key) or RSA. |
| Authentication Key | Set the common key for authentication between the remote tunnel peer. Key length is between 8 and 21 characters |
| IKE Version | Configure the IKE version to use. The available options are ikev1-main, ikev1- aggr and ikev2. |
| Enable NAT after IPSec | Select this option to enable NAT after IPSec. Enable this if there are NATted networks behind VPN tunnels. |
| Use Unique ID | In scenarios where different access points behind different NAT boxes and routers have the same IP address, it is not possible to create a tunnel between the wireless controller and the access point because the wireless controller does not identify the access point uniquely. When this option is selected, each access point behind a same NAT box or router will have an unique ID which is used to create the VPN tunnel. |
| Re-Authentication | Select this option to re-authenticate the key on a IKE rekey. This setting is disabled by default. |
| IKE Life Time | Set a lifetime in either seconds (600 - 86,400), minutes (10 - 1,440), hours (1 - 24), or days (1) for IKE security association duration. The default setting is 8600 seconds. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB