User's Manual

346 | Virtual Private Networks Dell Networking W-Series ArubaOS 6.4.x| User Guide
8. Click Done.
Finalizing WebUI changes
When you have finished configuring your IPsec VPN settings, click Apply to apply the new settings before
navigating to other pages.
Configuring a Basic L2TP VPN in the CLI
Use the following procedure to configure a remote access VPN for L2TP IPsec from the command-line
interface:
1. Define the authentication method and server addresses:
(host)(config) #vpdn group l2tp
enable
client configuration {dns|wins} <ipaddr1> [<ipaddr2>]
2. Enable authentication methods for IKEv1 clients:
vpdn group l2tp ppp authentication {cache-securid|chap|eap|mschap|mschapv2|pap}
3. Create address pools:
(host)(config) #ip local pool <pool> <start-ipaddr> <end-ipaddr>
4. Configure source NAT:
(host)(config) #ip access-list session srcnatuser any any src-nat pool <pool> position 1
5. If you are configuring a VPN to support machine authentication using certificates, define server certificates
for VPN clients using IKEv1:
(host)(config) #crypto-local isakmp server-certificate <cert>
6. If you are configuring a VPN to support IKEv1 Clients using pre-shared keys, you can configure a global IKE
key by entering 0.0.0.0 for both the address and netmask parameters in the command below, or configure
an IKE key for an individual subnet by specifying the IP address and netmask for that subnet:
crypto isakmp key <key> address <ipaddr> netmask <mask>
7. Define IKE Policies:
(host)(config) #crypto isakmp policy <priority>
encryption {3des|aes128|aes192|aes256|des}
version {v1|v2}
authentication {pre-share|rsa-sig|ecdsa-256|ecdsa-384}
group {1|2|19|20}
hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}
lifetime <seconds>
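The IKE policy options in step 7 and the global key in step 6 can be checked after configuration. The following is an added example, not part of the Dell guide: a short Python audit that reads an excerpt of these commands and reports DES, 3DES, MD5, Diffie-Hellman groups 1 and 2, and a pre-shared key bound to 0.0.0.0/0.0.0.0. The function name, the choice of which values count as weak, and the sample configuration are assumptions of this example.

```python
import re

# Values this example treats as weak (an assumption of the example, not a list from the guide).
WEAK = {
    "encryption": {"des": "56-bit key", "3des": "64-bit block cipher"},
    "hash": {"md5": "MD5 is collision-broken"},
    "group": {"1": "768-bit MODP group", "2": "1024-bit MODP group"},
}
POLICY_SUBCOMMANDS = {"encryption", "version", "authentication", "group", "hash", "lifetime"}

def audit_ike_config(text):
    """Return (context, finding) tuples for weak IKE settings in a config excerpt."""
    findings, policy = [], None  # policy = priority of the block being read
    for raw in text.splitlines():
        line = re.sub(r"^\([^#]*\)\s*#\s*", "", raw).strip()  # drop a CLI prompt
        parts = line.split()
        if not parts:
            continue
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if m:
            policy = m.group(1)
        elif re.fullmatch(r"crypto isakmp key \S+ address 0\.0\.0\.0 netmask 0\.0\.0\.0", line):
            policy = None
            findings.append(("isakmp key", "global pre-shared key applies to every peer"))
        elif parts[0] not in POLICY_SUBCOMMANDS:
            policy = None  # any other command ends the policy block
        elif policy and len(parts) == 2 and parts[1] in WEAK.get(parts[0], {}):
            findings.append((f"policy {policy}", f"{parts[0]} {parts[1]}: {WEAK[parts[0]][parts[1]]}"))
    return findings

# Constructed sample input: the key and priorities are illustrative only.
SAMPLE = """\
(host)(config) #crypto isakmp key EXAMPLE-KEY address 0.0.0.0 netmask 0.0.0.0
(host)(config) #crypto isakmp policy 10
encryption 3des
version v1
authentication pre-share
group 2
hash md5
(host)(config) #crypto isakmp policy 20
encryption aes256
version v2
authentication rsa-sig
group 19
hash sha2-256-128
"""
if __name__ == "__main__":
    for context, finding in audit_ike_config(SAMPLE):
        print(f"{context}: {finding}")
```

On the constructed sample, the audit reports the global key and three settings in policy 10, and nothing for policy 20.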
Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI
Only clients running Windows 7, StrongSwan 4.3, and Dell VIA support IKEv2. For additional information on the
authentication types supported by these clients, see Working with IKEv2 Clients on page 339.
Use the following procedures in the WebUI to configure a remote access VPN for IKEv2 clients using
certificates.
- Defining Authentication Method and Server Addresses on page 347
- Defining Address Pools on page 347
- Enabling Source NAT on page 347
- Selecting Certificates on page 347
- Configuring IKE Policies on page 348
- Setting the IPsec Dynamic Map on page 349
- Finalizing WebUI changes on page 350