Alcatel-Lucent omniaccess User Manual

Part 031650-00

May 2005

The basic operation for each of these deployments is the same, differing only 
slightly in configuration details. The difference in configuration for each of 
these deployments will be highlighted in the steps below.

The Secure Remote Access Point Service APs have to be configured with the 
tunnel termination address,  and address IP1 in the above figures. This address 
would be the switch’s IP address, or the NAT device’s public address, 
depending on the deployment scenario. 

In the case where the switch is behind a NAT device (as in deployment 
scenario 3),  NAT-T (UDP 4500 port only)  needs to be enabled, and all packets 
from the NAT device on  UDP port 4500 should be forwarded to the Alcatel 
Mobility Controller.

The AP uses IP1 to establish a VPN/ IPSec tunnel with the switch. Once the 
VPN tunnel is established, the AP bootstraps and becomes operational.

To configure the Secure Remote Gird Point Service (refer to the three 
deployment illustrations above):

z

Configure the AP as a Remote AP with the master address, the LMP IP, IKE 
PSK, and the username and password for authentication.

z

Configure IPSec VPN tunnels on the switch the AP will use before it boot-
straps.

z

Configure the Secure Remote Access Point Service user role and permis-
sions.