Configuring SoftGRE and IPsec in the WLAN

You can configure the Soft GRE tunnel profile and IPsec profile in the WLAN to manage AP traffic.

  1. Follow the steps listed in "Creating a SoftGRE Profile" of the SmartZone Administrator Guide for this release to create a SoftGRE profile.
    Note: Only IPv4 addressing format is supported for FIPS devices.
  2. Follow the steps listed in "Creating an IPsec Profile" of the SmartZone Administrator Guide for this release to create a IPsec profile.
    Note: For Tunnel mode, select SoftGRE. Only IPv4 addressing format is supported. SoftGRE over IPsec supports tunnel mode only.

    Refer to the topology diagrams in the section Configuring System IPSec using Preshared Key to setup IPSec tunnel for SZ and vSZ.

    The following Security Association options are supported for FIPS devices:

    • Encryption Algorithm: Options include AES128, AES192, and AES256.
    • Integrity Algorithm: Options include SHA1, SHA256, SHA384, and SHA512.
    • Pseudo-Random Function: Options include Use integrity ALG, PRF-SHA1, PRF-SHA256, PRF-SHA384, and PRF-SHA512.
    • DH Group: Options for Diffie-Hellman groups for IKE include modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192,ECP384.
  3. Create an AP zone with the appropriate SoftGRE and IPsec profiles. Go to Access Points.
  4. Select the FIPS zone and click the + icon to configure the AP GRE Tunnel Options from the Configuration tab.
    Refer to "Creating an AP Zone" of the SmartZone Administrator Guide for this release.
    Figure 1. AP GRE Tunnel Configurations
  5. Go to Wireless LAN.
  6. Select the zone. The Creating WLAN Configuration page displays.
  7. Go to Data Plan Options and select the SoftGRE tunnel profile. By default, SoftGRE and IPsec are enabled and attached at the zone level to the WLAN.