User's Manual
Dell Networking W-Series ArubaOS 6.4.x| User Guide Virtual Private Networks | 337
Chapter 15
Virtual Private Networks
Wireless networks can use virtual private network (VPN) connections to further secure wireless data from
attackers. The Dell controller can be used as a VPN concentrator that terminates all VPN connections from
both wired and wireless clients.
This chapter describes the following topics:
• Planning a VPN Configuration
• Working with VPN Authentication Profiles
• Configuring a Basic VPN for L2TP/IPsec in the WebUI
• Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI
• Configuring a VPN for Smart Card Clients
• Configuring a VPN for Clients with User Passwords
• Configuring Remote Access VPNs for XAuth
• Working with Remote Access VPNs for PPTP
• Working with Site-to-Site VPNs
• Working with VPN Dialer
Planning a VPN Configuration
You can configure the controller for the following types of VPNs:
• Remote access VPNs allow hosts (for example, telecommuters or traveling employees) to connect to private
  networks (for example, a corporate network) over the Internet. Each host must run VPN client software
  which encapsulates and encrypts traffic, then sends it to a VPN gateway at the destination network. The
  controller supports the following remote access VPN protocols:
    - Layer-2 Tunneling Protocol over IPsec (L2TP/IPsec)
    - Point-to-Point Tunneling Protocol (PPTP)
    - XAUTH IKE/IPsec
    - IKEv2 with Certificates
    - IKEv2 with EAP
• Site-to-site VPNs allow networks (for example, a branch office network) to connect to other networks (for
  example, a corporate network). Unlike a remote access VPN, hosts in a site-to-site VPN do not run VPN
  client software. All traffic for the other network is sent and received through a VPN gateway, which
  encapsulates and encrypts the traffic.
Before enabling VPN authentication, you must configure the following:
• The default user role for authenticated VPN clients. See Roles and Policies on page 364 for information
  about configuring user roles.
• The authentication server group the controller uses to validate the clients. See Authentication Servers on
  page 225 for configuration details.
A server-derived role, if present, takes precedence over the default user role.