Installation guide
Switch Security 6-65
With manually established security associations, there is no negotiation with the peer. Both sides must
specify the same transform set. If you change a transform set definition, the change is only applied to
Crypto Map entries that reference the transform set. The change is not applied to existing security
associations, but is used in subsequent negotiations to establish new security associations.
• Create Crypto Map entries
When IKE is used to establish security associations, the IPSec peers can negotiate the settings they use
for the new security associations. Therefore, specify lists (such as lists of acceptable transforms) within
the Crypto Map entry.
• Apply Crypto Map sets to Interfaces
Assign a Crypto Map set to each interface through which IPSec traffic flows. The security appliance
supports IPSec on all interfaces. Assigning the Crypto Map set to an interface instructs the security
appliance to evaluate all the traffic against the Crypto Map set and use the specified policy during
connection or SA negotiation. Assigning a Crypto Map to an interface also initializes run-time data
structures (such as the SA database and the security policy database). Reassigning a modified Crypto
Map to the interface resynchronizes the run-time data structures with the Crypto Map configuration.
With the switch, a Crypto Map cannot be applied to more than one interface at a time.
• Monitor and maintain IPSec tunnels
New configuration changes only take effect when negotiating subsequent security associations. If you
want the new settings to take immediate effect, clear the existing security associations so they will be
re-established with the changed configuration.
For manually established security associations, clear and reinitialize the security associations or the
changes will not take effect.
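The following added example (not taken from the switch documentation or its software) audits a planned configuration against active security associations, flagging SAs that still use transforms from before a transform set change and Crypto Maps bound to more than one interface. The data model, names, algorithm labels and addresses are constructed assumptions, not the switch's CLI or export format.

```python
from dataclasses import dataclass

# Hypothetical data model for illustration; not the switch's own schema or CLI output.
@dataclass(frozen=True)
class TransformSet:
    name: str
    encryption: str
    auth: str

@dataclass(frozen=True)
class CryptoMap:
    name: str
    mode: str               # "ike" or "manual"
    transform_sets: tuple   # transform set names the entry references
    interfaces: tuple       # interfaces the map is applied to

@dataclass(frozen=True)
class ActiveSA:
    crypto_map: str
    peer: str
    encryption: str
    auth: str

def audit(transform_sets, crypto_maps, active_sas):
    """Return sorted findings for stale SAs and maps bound to several interfaces."""
    by_name = {t.name: t for t in transform_sets}
    maps = {m.name: m for m in crypto_maps}
    findings = []
    for m in crypto_maps:
        if len(m.interfaces) > 1:   # one interface per Crypto Map on the switch
            findings.append(("multi-interface", m.name, ",".join(m.interfaces)))
    for sa in active_sas:
        m = maps[sa.crypto_map]
        allowed = {(by_name[n].encryption, by_name[n].auth) for n in m.transform_sets}
        if (sa.encryption, sa.auth) not in allowed:
            # The SA predates the transform set change and keeps its old transforms.
            action = "clear-and-reinitialize" if m.mode == "manual" else "clear-to-renegotiate"
            findings.append((action, m.name, sa.peer))
    return sorted(findings)

# Constructed sample: TS1 was changed from 3des/md5 to aes-256/sha1 after these SAs came up.
SETS = [TransformSet("TS1", "aes-256", "sha1")]
MAPS = [CryptoMap("VPN-IKE", "ike", ("TS1",), ("vlan1",)),
        CryptoMap("VPN-MAN", "manual", ("TS1",), ("vlan2", "vlan3"))]
SAS = [ActiveSA("VPN-IKE", "192.0.2.10", "3des", "md5"),
       ActiveSA("VPN-IKE", "192.0.2.11", "aes-256", "sha1"),
       ActiveSA("VPN-MAN", "192.0.2.20", "3des", "md5")]

if __name__ == "__main__":
    for finding in audit(SETS, MAPS, SAS):
        print(finding)
```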
For more information on configuring IPSec VPN, refer to the following:
• Defining the IPSec Configuration
• Defining the IPSec VPN Remote Configuration
• Configuring IPSEC VPN Authentication
• Configuring Crypto Maps
• Viewing IPSec Security Associations
6.7.1 Defining the IPSec Configuration
Use the IPSec VPN Configuration tab to view the attributes of existing VPN tunnels and modify the security
association lifetime and keep alive intervals used to maintain the sessions between VPN peers. From the
Configuration tab, transform sets can be created, and existing sets can be modified or deleted.
1. Select Security > IPSec VPN from the main menu tree.
NOTE: Though the switch can adopt an AP-7131 model access point, an AP-7131 cannot
provide IPSec support and should not be used in IPSec supported configurations.