Symbol Technologies WS 2000 Switch User Manual


 
WS 2000 Wireless Switch System Reference Guide 4-14
Creating a VPN Tunnel
1. Click the Add button to create a VPN tunnel. The lower portion of the screen then appears; use it to configure
the tunnel.
2. Type a name for the tunnel into the Tunnel Name field. Use a name that indicates the role of the tunnel.
3. Select the subnet that will be the local end of the tunnel from the Local Subnet menu.
4. Specify the IP address to use for the local WAN (Local Wan IP), which should be one of the (up to) eight IP addresses
specified on the WAN screen.
5. Specify the IP address for the Remote Subnet along with its subnet mask (Remote Subnet Mask).
6. Specify the IP address for the Remote Gateway.
Setting Up VPN Security
The WS 2000 Wireless Switch provides several different options for VPN security, all based upon encryption key exchange:
1. Manual Key Exchange uses the Manual Key Settings screen to specify the transform sets that will be used for VPN
access.
A transform set is a combination of security protocols and algorithms that are applied to IPSec protected traffic. During
security association (SA) negotiation, both gateways agree to use a particular transform set to protect the data flow. A
transform set specifies one or two IPSec security protocols (either AH, ESP, or both) and specifies which algorithms to
use with the selected security protocol. If you specify an ESP protocol in a transform set, you can specify just an ESP
encryption transform or both an ESP encryption transform and an ESP authentication transform. When the particular
transform set is used during negotiations for IPSec SAs, the entire transform set (the combination of protocols,
algorithms, and other settings) must match a transform set at the remote end of the gateway.
2. Automatic Key Exchange enables the WS 2000 Wireless Switch to automatically set encryption and authentication
keys for VPN access. The Auto Key Settings subscreen provides the means to specify the type of encryption and
authentication, without specifying the keys.
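
The transform-set matching rule described under Manual Key Exchange, as an added example (not code from the WS 2000 or from Symbol). The TransformSet class, its field names, and the algorithm names (3DES, MD5, SHA1) are assumptions used for illustration; the sample proposals are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TransformSet:
    """One transform set: AH, ESP, or both, plus the algorithm used with each."""
    ah_auth: Optional[str] = None   # AH authentication algorithm
    esp_enc: Optional[str] = None   # ESP encryption transform
    esp_auth: Optional[str] = None  # ESP authentication transform (optional)

    def problems(self):
        """Return the reasons this set is malformed; an empty list means well-formed."""
        out = []
        if self.ah_auth is None and self.esp_enc is None:
            out.append("no protocol selected: need AH, ESP, or both")
        # The guide describes ESP as encryption only, or encryption plus authentication.
        if self.esp_auth is not None and self.esp_enc is None:
            out.append("ESP authentication transform given without ESP encryption")
        return out

    def protocols(self):
        """Names of the IPSec protocols this set selects."""
        return tuple(p for p, alg in (("AH", self.ah_auth), ("ESP", self.esp_enc)) if alg)


def negotiate(local, remote):
    """Return the first local set that equals a remote set in every field, else None."""
    remote_ok = {r for r in remote if not r.problems()}
    for ts in local:
        if not ts.problems() and ts in remote_ok:
            return ts
    return None


def explain_mismatch(a, b):
    """List the fields on which two transform sets differ."""
    return [f for f in ("ah_auth", "esp_enc", "esp_auth") if getattr(a, f) != getattr(b, f)]


# Constructed sample proposals (algorithm names are assumptions).
LOCAL = [TransformSet(esp_enc="3DES", esp_auth="SHA1"),
         TransformSet(ah_auth="MD5", esp_enc="3DES")]
REMOTE_GOOD = [TransformSet(ah_auth="MD5", esp_enc="3DES")]
REMOTE_BAD = [TransformSet(esp_enc="3DES")]  # same cipher, but no ESP authentication

if __name__ == "__main__":
    print("agreed:", negotiate(LOCAL, REMOTE_GOOD))
    print("agreed:", negotiate(LOCAL, REMOTE_BAD),
          "differs on:", explain_mismatch(LOCAL[0], REMOTE_BAD[0]))
```

The second case shows why a tunnel can fail to come up even though both ends use the same cipher: the sets differ on the ESP authentication transform, so no set matches in full.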