User's Manual
342 | Virtual Private Networks Dell Networking W-Series ArubaOS 6.4.x | User Guide
10. From the Server Group drop-down list, select the server group to be used for VPN authentication.
11. Click Apply.
To configure VPN authentication via the command-line interface, access the CLI in config mode and issue the
following commands:
(host)(config) #aaa authentication vpn default
   cert-cn-lookup
   clone
   default-role <role>
   export-route
   max-authentication-failure <number>
   pan-integration
   radius-accounting <server_group_name>
   server-group <name>
   user-idle-timeout <seconds>
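To review an exported configuration against the options listed above, the following added example (not part of the Dell/Aruba guide) parses `aaa authentication vpn` blocks and reports options that a review policy expects to be set. The running-config layout, the profile, role and server-group names, and the policy list are assumptions of this example.

```python
import re
import shlex

# Constructed sample in running-config style; names are hypothetical.
SAMPLE_CONFIG = '''\
aaa authentication vpn "default"
   default-role "vpn-users"
   server-group "corp-radius"
   max-authentication-failure 5
!
aaa authentication vpn "example-profile"
   cert-cn-lookup
   user-idle-timeout 600
!
'''

# Review policy assumed for this example; it does not describe ArubaOS defaults.
REQUIRED = ("server-group", "default-role",
            "max-authentication-failure", "radius-accounting")

def parse_vpn_profiles(config_text):
    """Return {profile: {option: value, or True for a bare flag}}."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        line, indented = raw.strip(), raw[:1].isspace()
        header = re.match(r"aaa authentication vpn\s+(.+)$", line)
        if header and not indented:
            current = profiles.setdefault(shlex.split(header.group(1))[0], {})
        elif not line or line == "!" or not indented:
            current = None  # blank line, "!" or a new top-level command ends the block
        elif current is not None:
            words = shlex.split(line)
            current[words[0]] = words[1] if len(words) > 1 else True
    return profiles

def audit_vpn_profiles(config_text):
    """Return sorted (profile, finding) tuples for options the policy expects."""
    findings = []
    for name, opts in parse_vpn_profiles(config_text).items():
        for key in REQUIRED:
            if key not in opts:
                findings.append((name, f"{key} not set explicitly"))
        if str(opts.get("max-authentication-failure")) == "0":
            findings.append((name, "max-authentication-failure is 0"))
    return sorted(findings)

if __name__ == "__main__":
    for profile, finding in audit_vpn_profiles(SAMPLE_CONFIG):
        print(f"{profile}: {finding}")
```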
Configuring a Basic VPN for L2TP/IPsec in the WebUI
The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPsec) is a highly secure
technology that enables VPN connections across public networks such as the Internet. L2TP/IPsec provides
both a logical transport mechanism on which to transmit PPP frames and tunneling, or encapsulation, so that the
PPP frames can be sent across an IP network. L2TP/IPsec relies on the PPP connection process to perform user
authentication and protocol configuration. With L2TP/IPsec, the user authentication process is encrypted using
the Data Encryption Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPsec using IKEv1 requires two levels of authentication:
• Computer-level authentication with a preshared key to create the IPsec security associations (SAs) to
  protect the L2TP-encapsulated data.
• User-level authentication through a PPP-based authentication protocol using passwords, SecurID, digital
  certificates, or smart cards after successful creation of the SAs.
Note that only Windows 7 clients, StrongSwan 4.3 clients, and VIA clients support IKEv2. For additional information on
the authentication types supported by these clients, see Working with IKEv2 Clients on page 339.
Use the following procedures in the WebUI to configure a remote access VPN for L2TP/IPsec for clients that
authenticate with preshared keys, certificates, or EAP:
• Defining Authentication Method and Server Addresses on page 347
• Defining Address Pools on page 347
• Enabling Source NAT on page 347
• Selecting Certificates on page 347
• Defining IKEv1 Shared Keys on page 344
• Configuring IKE Policies on page 348
• Setting the IPsec Dynamic Map on page 349
• Finalizing WebUI changes on page 350
Defining Authentication Method and Server Addresses
1. Define the authentication method and server addresses.
2. Navigate to Configuration > Advanced Services > VPN Services and click the IPSEC tab.
3. To enable L2TP, select Enable L2TP (this is enabled by default).
4. Select the authentication method for IKEv1 clients. Currently supported methods are: