User's Manual

352 | Virtual Private Networks Dell Networking W-Series ArubaOS 6.4.x| User Guide
SA authentication, and then user-level authentication with the PAP authentication protocol. IKE SA is
authenticated with a preshared key, which you must configure as an IKE shared secret on the controller. User-
level authentication is performed by the controller’s internal database.
On the controller, you need to configure the following:
• AAA database entries for username and passwords
• VPN authentication profile, which defines the internal server group and the default role assigned to
authenticated clients
• L2TP/IPsec VPN with PAP as the PPP authentication (IKEv1 only).
• (For IKEv1 clients) An IKE policy for preshared key authentication of the SA.
• (For IKEv2 clients) A server certificate to authenticate the controller to clients and a CA certificate to
authenticate VPN clients.
In the WebUI
Use the following procedure to configure L2TP/IPsec VPN for username/password clients via the WebUI:
1. Navigate to the Configuration > Security > Authentication > Servers window.
   a. Select Internal DB to display entries for the internal database.
   b. Click Add User.
   c. Enter username and password information for the client.
   d. Click Enabled to activate this entry on creation.
   e. Click Apply.
2. Navigate to the Configuration > Security > Authentication > L3 Authentication window.
   a. Under default VPN Authentication Profile, select Server Group.
   b. Select the internal server group from the drop-down menu.
   c. Click Apply.
3. Navigate to the Configuration > Advanced Services > VPN Services > IPsec window.
   a. Select Enable L2TP (this is enabled by default).
   b. Select PAP for Authentication Protocols.
4. Configure other VPN settings as described in Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI on
   page 346, while ensuring that the following settings are selected:
   • In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPsec tab,
     enable L2TP.
   • In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPsec tab,
     select PAP as the authentication protocol.
In the CLI
The following example uses the command-line interface to configure an L2TP/IPsec VPN for
username/password clients using IKEv1:
(host)(config) #vpdn group l2tp
   enable
   ppp authentication pap
   client dns 101.1.1.245
(host)(config) #ip local pool pw-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto isakmp key <key> address 0.0.0.0 netmask 0.0.0.0
(host)(config) #crypto isakmp policy 1
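The following configuration check is an added example, not part of the original guide or of ArubaOS. It reads the commands shown above (pasted without the prompt) and reports the two properties an administrator should be aware of: PAP carries the password in cleartext inside PPP, so only the IPsec SA protects it, and a key scoped to 0.0.0.0/0.0.0.0 is a single secret shared by every client. The sample text, the placeholder key, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the commands from this page with a placeholder key.
SAMPLE = """\
vpdn group l2tp
   enable
   ppp authentication pap
   client dns 101.1.1.245
ip local pool pw-clients 10.1.1.1 10.1.1.250
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 netmask 0.0.0.0
"""

def parse(config):
    """Group each top-level command with its indented sub-commands."""
    stanzas = []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and stanzas:
            stanzas[-1][1].append(raw.split())
        else:
            stanzas.append((raw.split(), []))
    return stanzas

def audit(config):
    """Return (severity, message) findings for the L2TP/IPsec settings."""
    findings = []
    for cmd, subs in parse(config):
        if cmd[:3] == ["vpdn", "group", "l2tp"]:
            if ["enable"] not in subs:
                findings.append(("error", "L2TP is not enabled"))
            for sub in subs:
                if sub[:2] == ["ppp", "authentication"] and "pap" in sub[2:]:
                    findings.append(("info", "PAP: password is cleartext "
                                     "inside PPP; only IPsec protects it"))
        elif cmd[:3] == ["crypto", "isakmp", "key"]:
            try:
                addr = cmd[cmd.index("address") + 1]
                mask = cmd[cmd.index("netmask") + 1]
                net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
            except (ValueError, IndexError) as exc:
                findings.append(("error", f"IKE key scope malformed: {exc}"))
                continue
            if net.prefixlen == 0:
                findings.append(("warn", "IKE preshared key matches any "
                                 "peer: one secret shared by all clients"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity}: {message}")
```

A mistyped mask such as `0.0.00` is reported as an error rather than silently treated as a wildcard.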