Switch Security 6-43

4.Select an index and click the Details button to display a more robust set of statistics for the selected index.

Use this information to discern whether changes to an existing IKE configuration is warranted or if a new configuration is required.

5.Click the Stop Connection button to terminate the statistic collection of the selected IKE peer.

6.8Configuring IPSec VPN

Use IPSec Virtual Private Network (VPN) to define secure tunnels between two peers. Configure which packets are sensitive and should be sent through these secure tunnels, and what should be used to protect these sensitive packets. Once configured, an IPsec peer creates the appropriate secure tunnel and sends the packet through the tunnel to the remote peer.

IPSec tunnels are sets of security associations (SA) established between two peers. The security associations define which protocols and algorithms are applied to sensitive packets, and what keying material is used by the two peers. Security associations are unidirectional and established per security protocol.

To configure IPSec security associations, Motorola uses the Crypto Map entries. Crypto Map entries created for IPSec pull together the various parts used to set up IPSec security associations. Crypto Map entries include transform sets. A transform set is an acceptable combination of security protocols, algorithms and other settings to apply to IPSec protected traffic.

The Internet Key Exchange (IKE) protocol is a key management protocol standard which can be used in conjunction with the IPSec standard. IKE automatically negotiates IPSec security associations and enables IPSec secure communications without costly manual configuration. To support IPSec VPN functionality, the following configuration activities are required:

Configure a DHCP Sever to give public IP address

An IPSec client needs to have an IP address before it can connect to the VPN Server and create an IPSec tunnel. Thus, a DHCP Server needs to be configured on the interface to distribute public IP addresses to the IPSec clients.

Configure a Crypto policy (IKE)

IKE automatically negotiates IPSec security associations and enables IPSec secure communications without costly manual pre-configuration. IKE eliminates the need to manually specify all the IPSec

Page 267
Image 267
Motorola WS5100 manual Configuring IPSec VPN, Configure a Dhcp Sever to give public IP address