Brocade Communications Systems RFS7000 Network Router User Manual


 
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
53-1001931-01
Chapter 5: Global Configuration commands
RFController(config)#crypto isakmp client configuration group default
RFController(config-crypto-group)#dns 10.1.1.1
RFController(config-crypto-group)#wins 10.1.1.1
5. Specify the authentication type.
RFController(config)# aaa vpn-authentication local
RFController(config)# local username harry password brocade123
6. Create a transform set.
RFController(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac
RFController(config-crypto-ipsec)#mode transport
7. Specify a dynamic crypto map.
RFController(config)#crypto map TestMap 30 ipsec-isakmp dynamic
RFController(config-crypto-map)#set peer 0.0.0.0
RFController(config-crypto-map)#match address 101
RFController(config-crypto-map)#set transformset windows
RFController(config-crypto-map)#set remote-type ipsec-l2tp
8. Apply the crypto map to interface vlan2.
RFController(config)#interface vlan2
RFController(config-if)#crypto map TestMap
9. Upon a successful connection, the XP client will obtain a virtual IP address.
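The following Python audit of steps 5 through 8 is an added example, not part of the Brocade manual. It cross-checks a captured CLI transcript for a deprecated cipher, a password visible in the capture, a crypto map that names an undefined transform set, and a crypto map that is never applied to an interface. The function name and rule names are hypothetical; the command syntax is taken only from the lines above.

```python
import re

# Constructed input: the commands of steps 5-8 above, written with complete prompts.
TRANSCRIPT = """\
RFController(config)# aaa vpn-authentication local
RFController(config)# local username harry password brocade123
RFController(config)#crypto ipsec transform-set windows esp-3des esp-sha-hmac
RFController(config-crypto-ipsec)#mode transport
RFController(config)#crypto map TestMap 30 ipsec-isakmp dynamic
RFController(config-crypto-map)#set peer 0.0.0.0
RFController(config-crypto-map)#match address 101
RFController(config-crypto-map)#set transformset windows
RFController(config-crypto-map)#set remote-type ipsec-l2tp
RFController(config)#interface vlan2
RFController(config-if)#crypto map TestMap
"""
PROMPT = re.compile(r"^\S+\(([\w-]+)\)#\s*(.+)$")  # hostname(mode)# command
WEAK = {"esp-3des"}  # 3DES: 64-bit block cipher, deprecated by NIST

def audit(transcript):
    """Return a sorted list of (rule, detail) findings for a CLI transcript."""
    findings, tsets, used, maps, bound = set(), set(), set(), set(), set()
    for n, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            # A mistyped prompt or command is reported, not silently skipped.
            if line.strip():
                findings.add(("unparsed-line", f"line {n}"))
            continue
        mode, w = m.group(1), m.group(2).split() + [""] * 4  # pad for safe indexing
        if w[:2] == ["local", "username"] and "password" in w:
            findings.add(("password-in-transcript", f"user {w[2]}"))  # secret not echoed
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets.add(w[3])
            for t in WEAK.intersection(w[4:]):
                findings.add(("weak-cipher", f"{w[3]}: {t}"))
        elif w[:2] == ["crypto", "map"] and mode == "config":
            maps.add(w[2])   # map definition
        elif w[:2] == ["crypto", "map"] and mode == "config-if":
            bound.add(w[2])  # map applied to an interface
        elif w[:2] == ["set", "transformset"]:
            used.add(w[2])
    findings |= {("undefined-transform-set", name) for name in used - tsets}
    findings |= {("map-not-applied", name) for name in maps - bound}
    return sorted(findings)

if __name__ == "__main__":
    for rule, detail in audit(TRANSCRIPT):
        print(f"{rule}: {detail}")
```

A line whose prompt or command is mistyped in step 8 shows up twice: once as `unparsed-line` and once as `map-not-applied`, because the binding to vlan2 is never seen.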
Use Case 2: Configuring Site-to-Site VPN
In this use case, two intranets that use unregistered addresses are connected over the public
Internet by a site-to-site VPN. NAT is required for connections to the public Internet. However,
NAT is not required for traffic between the two intranets, which is carried through a VPN tunnel
over the public Internet.
The site-to-site VPN allows branch office mobility controllers to connect back to the central office
using a secure, encrypted tunnel for all site-to-site traffic. This allows a wired LAN in the branch
office to bridge directly to the central site while maintaining full security.
This example requires two controllers. It can be configured with the following commands: