1-24 WS5100 Series Switch System Reference Guide

Site-Site VPN — For example, traffic from one company branch office to another branch office over an unsecured link between the two locations.

Remote VPN — Provides remote users the ability to access company resources from outside the company premises.

The switch supports:

IPSec termination for site to site

IPSec termination for remote access

IPSec traversal of firewall filtering

IPSec traversal of NAT

IPSec/L2TP (client to switch)

1.2.5.14 NAT

NAT (Network Address Translation) is supported for non-IPSec packets which are routed by the switch. The following types of NAT are supported:

Port NAT – Port NAT (also known as NAPT) maps multiple local addresses to a single global address and a dynamic port number. The user is not required to configure any NAT IP address. Instead, the IP address of the switch's public interface is used to NAT packets going out from the private network, and vice versa for packets entering the private network.

Static NAT – Static NAT is similar to Port NAT, with the only difference that it allows the user to configure a source NAT IP address and/or a destination NAT IP address to which all packets are NATted. The source NAT IP address is used when hosts on a private network are trying to access a host on a public network. The destination NAT IP address can be used for public hosts to talk to a host on the private network.
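
The two NAT types described above, modeled as an added example (not code from the manual or the switch firmware). The addresses, the starting port 50000, the class and method names, and the handling of unmatched inbound packets in Static NAT are assumptions made for illustration.

```python
# Added illustration: a toy model of the two NAT types, not WS5100 firmware code.
# All addresses and the starting port 50000 are constructed sample values.
import itertools


class PortNat:
    """Port NAT (NAPT): many private sockets share one public IP, told apart by port."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip            # IP of the public interface
        self._next_port = itertools.count(first_port)
        self._out = {}                        # (private_ip, private_port) -> public_port
        self._back = {}                       # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """Translate a packet leaving the private network; reuse an existing mapping."""
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[port] = key
        return self.public_ip, self._out[key]

    def inbound(self, dst_port):
        """Reverse translation; None means no inside host created this mapping."""
        return self._back.get(dst_port)


class StaticNat(PortNat):
    """Same tables, but the source and/or destination NAT IP is configured by the user."""

    def __init__(self, public_if_ip, source_nat_ip=None, destination_nat_ip=None):
        super().__init__(source_nat_ip or public_if_ip)
        self.destination_nat_ip = destination_nat_ip   # private host opened to public hosts

    def inbound(self, dst_port):
        hit = super().inbound(dst_port)
        if hit is None and self.destination_nat_ip:
            # Assumption of this model: unmatched inbound traffic goes to the
            # configured destination NAT host, so that host is publicly reachable.
            return self.destination_nat_ip, dst_port
        return hit


if __name__ == "__main__":
    napt = PortNat("203.0.113.10")
    print(napt.outbound("10.0.0.5", 40000), napt.outbound("10.0.0.6", 40000))
    print(napt.inbound(443))
    static = StaticNat("203.0.113.10", "203.0.113.20", "10.0.0.80")
    print(static.outbound("10.0.0.5", 40000), static.inbound(443))
```

When reviewing a configuration, the destination NAT IP is the entry to check, since it names a private host that public hosts can reach.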

1.2.5.15 Certificate Management

Certificate Management provides a standardized procedure to:

Generate a server certificate request and upload the server certificate signed by a certificate authority (CA).

Upload a CA's root certificate.

Create a self-signed certificate.

Certificate management is used by the HTTPS, VPN, hotspot and RADIUS applications. For information on configuring switch certificate management, see Creating Server Certificates on page 6-74.

1.2.6 Access Port Support

Access ports work on any VLAN with connectivity to the wireless switch. The switch supports the following access ports:

AP100 (supports 802.11b)

AP300 (supports 802.11a/b/g)

Access points converted to access ports, including:

AP-4131
