Defining Profile Auto IPSec Tunnel Settings

IPSec tunnels are established to secure traffic, data and management traffic, from access points to remote wireless controllers. Secure tunnels must be established between access points and the wireless controller with minimum configuration pushed through DHCP option settings.

To define or override a profile's Auto IPSec tunnel configuration:

  1. Select Configuration > Devices > System Profile from the web UI.
  2. Expand the Security menu and select Auto IPSec Tunnel.
    Click to expand in new window
    Profile Security - Auto IPSec Tunnel Screen
    GUID-6C26B677-62A1-485B-A59C-545EA5C2CC9D-low.png
  3. Refer to the following table to configure the Auto IPSec Tunnel settings:
    Group ID Configure the ID string used for IKE authentication. String length can be between 1 and 64 characters.
    Authentication Type Set the IPSec Authentication Type. Options include PSK (Pre Shared Key) or RSA.
    Authentication Key Set the common key for authentication between the remote tunnel peer. Key length is between 8 and 21 characters
    IKE Version Configure the IKE version to use. The available options are ikev1-main, ikev1- aggr and ikev2.
    Enable NAT after IPSec Select this option to enable NAT after IPSec. Enable this if there are NATted networks behind VPN tunnels.
    Use Unique ID In scenarios where different access points behind different NAT boxes and routers have the same IP address, it is not possible to create a tunnel between the wireless controller and the access point because the wireless controller does not identify the access point uniquely. When this option is selected, each access point behind a same NAT box or router will have an unique ID which is used to create the VPN tunnel.
    Re-Authentication Select this option to re-authenticate the key on a IKE rekey. This setting is disabled by default.
    IKE Life Time Set a lifetime in either seconds (600 - 86,400), minutes (10 - 1,440), hours (1 - 24), or days (1) for IKE security association duration. The default setting is 8600 seconds.
  4. Click OK to save the changes made in the Auto IPSec Tunnel screen.
    Click Reset to revert to the last saved configuration.