MSM7xx Controllers Configuration Guide v6.4.0

22 Working with VPNs
Overview
Virtual private networks (VPNs) create secure tunnels across non-secure infrastructure such as the
Internet or publicly-accessible networks. The controller features virtual private network (VPN)
capabilities that enable it to do the following:
• Secure wireless client sessions with a VPN tunnel between wireless clients such as wireless
point-of-sale (POS) terminals and the controller. IPSec, L2TP, and PPTP are all supported. (VPN
tunnel represented in green.) (On the MSM720, replace LAN port with Access network and
Internet port with Internet network.)
[Figure: sample topology for securing wireless client sessions. Labels shown: Controller (Internet port 24.1.1.4, LAN port 7.1.1.1), Router, Internet, VPN Server/Gateway (Peer), Secure resource, 3.1.1.2, 10.0.0.0, 10.0.0.2, AP 7.1.1.2, Router 5.1.1.0, AP 5.1.1.2, Wireless POS 7.1.1.3, Wireless POS 5.1.1.3.]
NOTE: For WPA-capable wireless clients, a better alternative to VPNs is to extend WPA
termination from the AP to the controller. See “Terminate WPA at the controller” (page 129).
• Secure controller communications to VPN servers, including both management and client
traffic. For example, the controller can securely contact a remote RADIUS server for user
authentication. IPsec and PPTP are supported. (VPN tunnel represented in blue.) (On the
MSM720, replace LAN port with Access network and Internet port with Internet network.)
[Figure: sample topology for securing controller communications to VPN servers. Labels shown: Controller (Internet port 24.1.1.4, LAN port 7.1.1.1), Router, Internet, VPN Server/Gateway (Peer), Secure resource, 3.1.1.2, 10.0.0.0, 10.0.0.2, AP 7.1.1.2, Wireless Client 7.1.1.3, Router, AP 5.1.1.2, Wireless Client 5.1.1.3.]
Securing wireless client sessions with VPNs
NOTE: The ability to secure wireless client sessions is intended for low-data-volume applications
such as wireless POS terminals.
To secure wireless client sessions, create a VPN tunnel from the wireless client to the controller.
The sample topology seen earlier serves as an example for the sample configurations that follow.
In this example, the controller LAN port has an IP address of 7.1.1.1, the APs are at 7.1.1.2 and
5.1.1.2, and the wireless POS terminals are at 7.1.1.3 and 5.1.1.3. (On the MSM720, replace LAN port
with Access network and Internet port with Internet network.)