MSM7xx Controllers Configuration Guide v6.4.0

available, you must assign an IP address to it on the Controller >> Network > IP interfaces
page. For example, if you create a VLAN on the Internet port, you must assign an IP address
to it or it will not appear as a choice in the list.
On the MSM720, Interface 2 can only be set to Access Network.
Local group list
When using IPSec aggressive mode, groups can be used to authenticate IPSec connections
from clients (peers). The client must supply the group name matching one of the groups defined
here to establish a security association with the controller.
Create all needed groups, providing information as follows:
Group name: Group names are case-sensitive and should be in the format
user@FQDN.com or FQDN.com. For example, fred@mycompany.com or
server99.mycompany.com.
Password/Confirm password: Passwords must be at least six characters long and contain
at least four different characters.
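A pre-flight check of a planned group list against the name and password constraints above, as an added example that is not part of the guide or the controller's software. The function names and sample entries are constructed, and the rule applied to the user part of a name is an assumption, since the guide does not define it.

```python
import re

# RFC 1123 hostname label: 1-63 chars, letters/digits/hyphens, no hyphen at either end.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def is_fqdn(host):
    labels = host.split(".")
    return len(host) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def check_group(name, password):
    """Return the list of problems for one planned group entry (empty list = OK)."""
    problems = []
    user, at, host = name.rpartition("@")
    # Assumption: the guide does not define the user part, so only require it to be
    # non-empty and free of whitespace and extra '@' characters.
    if at and (not user or "@" in user or any(c.isspace() for c in user)):
        problems.append("invalid user part")
    if not is_fqdn(host):
        problems.append("not in user@FQDN or FQDN form")
    if len(password) < 6:
        problems.append("password shorter than six characters")
    if len(set(password)) < 4:
        problems.append("password has fewer than four different characters")
    return problems

def check_groups(groups):
    """groups: list of (name, password) pairs. Returns {name: [problems]} for bad entries."""
    report, seen = {}, {}
    for name, password in groups:
        problems = check_group(name, password)
        key = name.lower()
        if key in seen:
            # Group names are case-sensitive: a peer sending the other casing will not match.
            problems.append("duplicate group name" if seen[key] == name
                            else f"differs only by case from {seen[key]!r}")
        seen.setdefault(key, name)
        if problems:
            report[name] = problems
    return report

# Constructed sample entries; only the first two names come from the guide's examples.
SAMPLE = [
    ("fred@mycompany.com", "s3cretPass"),
    ("server99.mycompany.com", "aaaaab"),
    ("Fred@mycompany.com", "s3cretPass"),
    ("branch office", "abc"),
]

if __name__ == "__main__":
    for name, problems in check_groups(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```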
IPSec security policy database
The IPSec security policy database table shows all the IPSec security policies that are defined
on the controller. A security policy defines the criteria that must be met for a peer to establish
an IPSec security association (SA) with the controller.
This information is provided:
Name: Name assigned to the security policy.
Port: Port assigned to the security policy.
Peer address: Address of the peer which can establish an SA using this policy.
Mode: Indicates the IPSec mode (tunnel or transport) supported by this policy.
Status: Indicates whether the policy has been enabled. An SA can only be established
when a policy is enabled.
Authentication: Indicates the method used to authenticate peers.
VPN one-to-one NAT
When this feature is enabled, the controller can assign a unique IP address to each IPSec or PPTP
VPN connection made by a user to a remote server via the Internet port (Internet network on the
MSM720). Addresses are assigned as follows:
On the MSM720, Controller >> IP interfaces. Select Internet network and then Static.
On other controllers, Controller >> IP interfaces. Select Internet port and then Static.
Configure the Additional IP addresses option.