Installation guide

Switch Security
4. Select an index and click the Details button to display a more robust set of statistics for the selected
index.
Use this information to discern whether changes to an existing IKE configuration are warranted or if a
new configuration is required.
5. Click the Stop Connection button to terminate the statistic collection of the selected IKE peer.
6.8 Configuring IPSec VPN
Use IPSec Virtual Private Network (VPN) to define secure tunnels between two peers. Configure which packets
are sensitive and should be sent through secure tunnels, and what should be used to protect these sensitive
packets. Once configured, an IPsec peer creates a secure tunnel and sends the packet through the tunnel to
the remote peer.
IPSec tunnels are sets of security associations (SA) established between two peers. The security associations
define which protocols and algorithms are applied to sensitive packets, and what keying material is used by
the two peers. Security associations are unidirectional and established per security protocol.
To configure IPSec security associations, Motorola uses Crypto Map entries. Crypto Map entries created
for IPSec pull together the various parts used to set up IPSec security associations. Crypto Map entries include
transform sets. A transform set is an acceptable combination of security protocols, algorithms and other
settings to apply to IPSec protected traffic.
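The Python model below is an added example, not part of the Motorola guide or the switch software. It shows how a transform set both peers accept determines the security associations for a tunnel: one SA per direction per security protocol. The class and function names, algorithm labels, addresses, SPI values and the "first local set the peer also accepts" selection rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

@dataclass(frozen=True)
class TransformSet:
    """An acceptable combination of security protocols and algorithms."""
    name: str                          # local label only, not compared between peers
    esp_cipher: Optional[str] = None   # ESP encryption algorithm, if ESP is used
    esp_auth: Optional[str] = None     # ESP integrity algorithm
    ah_auth: Optional[str] = None      # AH integrity algorithm, if AH is used

    def key(self):
        # Peers must agree on protocols and algorithms, not on the set's name.
        return (self.esp_cipher, self.esp_auth, self.ah_auth)

    def protocols(self):
        used = (("AH", self.ah_auth), ("ESP", self.esp_cipher or self.esp_auth))
        return [proto for proto, present in used if present]

def select_transform_set(local_sets, peer_sets):
    """Return the first local transform set the peer also accepts, else None."""
    peer_keys = {ts.key() for ts in peer_sets}
    return next((ts for ts in local_sets if ts.key() in peer_keys), None)

def security_associations(local, peer, ts):
    """List the SAs for one tunnel: unidirectional, one per security protocol."""
    spi = count(0x1000)  # constructed SPI values
    return [{"spi": next(spi), "protocol": proto, "src": src, "dst": dst}
            for proto in ts.protocols()
            for src, dst in ((local, peer), (peer, local))]

# Constructed sample configuration (not taken from the guide).
SWITCH_SETS = [
    TransformSet("ah-esp", esp_cipher="aes-256", esp_auth="sha1", ah_auth="sha1"),
    TransformSet("esp-only", esp_cipher="aes-128", esp_auth="sha1"),
]
PEER_SETS = [
    TransformSet("remote-a", esp_cipher="aes-192", esp_auth="sha1"),
    TransformSet("remote-b", esp_cipher="aes-128", esp_auth="sha1"),
]

if __name__ == "__main__":
    chosen = select_transform_set(SWITCH_SETS, PEER_SETS)
    if chosen is None:
        print("no common transform set: no SAs can be established")
    else:
        print("agreed transform set:", chosen.name)
        for sa in security_associations("192.0.2.1", "198.51.100.7", chosen):
            print(f"  {sa['spi']:#x} {sa['protocol']} {sa['src']} -> {sa['dst']}")
```

With the sample data the peers agree on the ESP-only set, giving two SAs; a set that uses both AH and ESP gives four.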
The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction with the
IPSec standard. IKE automatically negotiates IPSec security associations and enables IPSec secure
communications without costly manual configuration. To support IPSec VPN functionality, the following
configuration activities are required:
Configuring a DHCP Server to assign public IP addresses
An IPSec client needs an IP address before it can connect to the VPN Server and create an IPSec
tunnel. A DHCP Server needs to be configured on the interface to distribute public IP addresses to the
IPSec clients.
Configuring a Crypto policy (IKE)
IKE automatically negotiates IPSec security associations and enables IPSec secure communications
without costly manual pre-configuration. IKE eliminates the need to manually specify all the IPSec
security parameters in the Crypto Maps at both peers, allows you to specify a lifetime for the IPSec