User's Manual
354 | Virtual Private Networks Dell Networking W-Series ArubaOS 6.4.x| User Guide
   server-group internal
(host)(config) #no crypto-local isakmp xauth
(host)(config) #vpdn group l2tp
   enable
   client dns 101.1.1.245
(host)(config) #ip local pool sc-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto-local isakmp server-certificate MyServerCert
(host)(config) #crypto-local isakmp ca-certificate TrustedCA
(host)(config) #crypto isakmp policy 1
   authentication rsa-sig
Enter the following command in enable mode to configure client entries in the internal database:
(host)(config) #local-userdb add username <name> password <password>
Configuring a VPN for XAuth Clients Using a Username and Password
This section describes how to configure a remote access VPN on the controller for Cisco VPN XAuth clients
using passwords. IKE Phase 1 authentication is done with an IKE preshared key; users are then prompted to
enter their username and password, which are verified against the internal database on the controller.
On the controller, you need to configure the following:
1. Add entries for Cisco VPN XAuth clients to the controller’s internal database. For details on configuring an
authentication server, see Authentication Servers on page 225.
For each client, you need to create an entry in the internal database with the entire Principal name (SubjectAltName
in X.509 certificates) or Common Name as it appears on the certificate.
2. Verify that the server with the client data is part of the server group associated with the VPN authentication
profile.
3. Configure other VPN settings as described in Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI on
page 346, while ensuring that the following settings are selected:
   • In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab,
     enable L2TP.
   • In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab,
     enable XAuth to enable prompting for the username and password.
   • The IKE policy must have pre-shared authentication.
The following example configures a VPN for XAuth IKEv1 clients using a username and password. Access the
command-line interface and issue the following commands in config mode:
(host)(config) #aaa authentication vpn default
   server-group internal
(host)(config) #crypto-local isakmp xauth
(host)(config) #vpdn group l2tp
   enable
   client dns 101.1.1.245
(host)(config) #ip local pool pw-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto isakmp key 0987654 address 0.0.0.0 netmask 0.0.0.0
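The following check is an added example, not part of the Dell/Aruba guide: a small Python audit that reads a change script containing the commands above, confirms the settings this procedure requires (internal server group, XAuth, L2TP, a preshared key), and flags a preshared key that is wildcard-scoped or short. The prompt-free, indented input layout, the function names and the MIN_PSK_LEN threshold are assumptions.

```python
import re

# Constructed input: the commands above as a change script (prompts removed, sub-commands indented).
SAMPLE = """\
aaa authentication vpn default
   server-group internal
crypto-local isakmp xauth
vpdn group l2tp
   enable
   client dns 101.1.1.245
ip local pool pw-clients 10.1.1.1 10.1.1.250
crypto isakmp key 0987654 address 0.0.0.0 netmask 0.0.0.0
"""

MIN_PSK_LEN = 20  # assumption: local policy value, not taken from the guide

def parse(text):
    """Return {top-level command: [indented sub-commands]}."""
    blocks, parent = {}, None
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if line[0].isspace() and parent is not None:
            blocks[parent].append(line.strip())
        else:
            parent = " ".join(line.split())  # normalise internal whitespace
            blocks.setdefault(parent, [])
    return blocks

def audit(text):
    """Check the settings the procedure requires and flag risky PSK scope/strength."""
    b, findings = parse(text), []
    if "server-group internal" not in b.get("aaa authentication vpn default", []):
        findings.append("MISSING: VPN auth profile does not use server-group internal")
    if "crypto-local isakmp xauth" not in b or "no crypto-local isakmp xauth" in b:
        findings.append("MISSING: XAuth is not enabled")
    if "enable" not in b.get("vpdn group l2tp", []):
        findings.append("MISSING: L2TP is not enabled")
    psk = re.compile(r"crypto isakmp key (\S+) address (\S+) netmask (\S+)$")
    keys = [m.groups() for m in map(psk.match, b) if m]
    if not keys:
        findings.append("MISSING: no IKE preshared key configured")
    for key, addr, mask in keys:
        if (addr, mask) == ("0.0.0.0", "0.0.0.0"):
            findings.append("RISK: one preshared key is shared by every peer address")
        if len(key) < MIN_PSK_LEN or key.isdigit():
            findings.append("RISK: preshared key is short or digits only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

The sample mirrors the guide's example, so it reports both preshared-key findings; a missing `crypto-local isakmp xauth` line or a `no` form is reported as XAuth not enabled.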