Manualshelf

User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000
331332333334335336337338339340
Client Operating
System
Supported Suite-B
IKE Authentication
Supported Suite-B IPsec
Encryption
l Windows 7
l Windows Vista
l Windows XP
l IKEv1 Clients using ECDSA
Certificates
l IKEv1/IKEv2 Clients using ECDSA
Certificates with L2TP/PPP/EAP-TLS
certificate user-authentication
l AES-128-GCM
l AES-256-GCM
Table 56: Client Support for Suite-B
The Suite-B algorithms described in Table 55 are also supported by Site-to-Site VPNs between Dell controllers,
or between a Dell controller and a server running Windows 2008 or StrongSwan 4.3.
Working with IKEv2 Clients
Not all clients support the both the IKEv1 and IKEv2 protocols. Only the clients in Table 57 support IKEv2 with
the following authentication types:
Windows 7 Client StrongSwan 4.3 Client VIA Client
l Machine authentication
with Certificates
l User name password
authentication using EAP-
MSCHAPv2 or PEAP-
MSCHAPv2
l User smart-card
authentication with EAP-
TLS / IKEv2
NOTE: Windows 7 clients
using IKEv2 do not support
pre-shared key
authentication.
l Machine authentication
with Certificates
l User name password
authentication using EAP-
MSCHAPv2
l Suite-B cryptographic
algorithms
l Machine authentication with
Certificates
l User name password authentication
using EAP-MSCHAPv2
l EAP-TLS using Microsoft cert
repository
NOTE: VIA clients using IKEv2 do not
support pre-shared key authentication.
Table 57: VPN Clients Supporting IKEv2
Understanding Supported VPN AAA Deployments
If you want to simultaneously deploy various combinations of a VPN client, RAP-psk, RAP-certs, and CAP on the
same controller, see Table 58.
Each row in this table specifies the allowed combinations of AAA servers for simultaneous deployment.
Configuration rules include:
l RAP-certs can only use LocalDB-AP.
l A RAP-psk and RAP-cert can only terminate on the same controller if the RAP VPN profile’s AAA server uses
Local-db.
l If a RAP-psk is using an external AAA server, then the RAP-cert cannot be terminated on the same controller.
l Clients can use any type of AAA server, regardless of the RAP/CAP authentication configuration server.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Virtual Private Networks | 339