User's Manual
(host)(config) #crypto isakmp policy 1
   authentication pre-share
Enter the following command in enable mode to configure client entries in the internal database:
(host)(config) #local-userdb add username <name> password <password>
Working with Remote Access VPNs for PPTP
Point-to-Point Tunneling Protocol (PPTP) is an alternative to L2TP/IPsec. Like L2TP/IPsec, PPTP provides a
logical transport mechanism for sending PPP frames, together with tunneling or encapsulation, so that the PPP
frames can be sent across an IP network. PPTP relies on the PPP connection process to perform user
authentication and protocol configuration.
With PPTP, data encryption begins after the PPP authentication and connection process is completed. PPTP
connections use Microsoft Point-to-Point Encryption (MPPE), which uses the Rivest-Shamir-Adleman (RSA) RC-4
encryption algorithm. PPTP connections require user-level authentication through a PPP-based authentication
protocol (MSCHAPv2 is the currently supported method).
In the WebUI
1. Navigate to the Configuration > Advanced Services > VPN Services > PPTP page.
2. To enable PPTP, select Enable PPTP.
3. Select either MSCHAP or MSCHAPv2 as the authentication protocol.
4. Configure IP addresses of the primary and secondary DNS servers.
5. Configure the primary and secondary WINS Server IP addresses that are pushed to the VPN Dialer.
6. Configure the VPN Address Pool.
   a. Click Add. The Add Address Pool window displays.
   b. Specify the pool name, start address, and end address.
   c. Click Done.
7. Click Apply to apply the changes made before navigating to other pages.
In the CLI
(host)(config) #vpdn group pptp
   enable
   client configuration {dns|wins} <ipaddr1> [<ipaddr2>]
   ppp authentication {mschapv2}
(host)(config) #pptp ip local pool <pool> <start-ipaddr> <end-ipaddr>
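The following Python check is an added example, not part of the manual: it reviews saved configuration text for the PPTP settings described above (whether PPTP is enabled, whether PPP authentication is set to mschapv2, whether DNS servers are defined, and whether each address pool has a valid range). It assumes the configuration text uses the command syntax shown in the CLI section, without the prompt and with group subcommands indented; the function name audit_pptp, the pool name, and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in the CLI syntax shown above (not captured from a device).
SAMPLE_CONFIG = """\
vpdn group pptp
   enable
   client configuration dns 10.1.1.2 10.1.1.3
pptp ip local pool remote-users 10.1.50.200 10.1.50.10
"""

def audit_pptp(config):
    """Return a list of findings for the PPTP settings in a config text."""
    in_group, enabled, auth, dns, pools = False, False, None, [], []
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():
            # An unindented line starts a new top-level command.
            in_group = words == ["vpdn", "group", "pptp"]
            if words[:4] == ["pptp", "ip", "local", "pool"] and len(words) == 7:
                pools.append(tuple(words[4:]))
        elif in_group:
            if words == ["enable"]:
                enabled = True
            elif words[:2] == ["ppp", "authentication"] and len(words) == 3:
                auth = words[2].lower()
            elif words[:3] == ["client", "configuration", "dns"]:
                dns = words[3:]
    if not enabled:
        return []  # PPTP is off, so there is nothing to review
    findings = ["PPTP is enabled"]
    if auth != "mschapv2":
        findings.append(f"ppp authentication is {auth or 'unset'}, expected mschapv2")
    if not dns:
        findings.append("no DNS servers configured for clients")
    if not pools:
        findings.append("no PPTP address pool defined")
    for name, start, end in pools:
        try:
            lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        except ipaddress.AddressValueError:
            findings.append(f"pool {name}: invalid address")
            continue
        if lo > hi:
            findings.append(f"pool {name}: start {start} is above end {end}")
    return findings
```

Calling audit_pptp(SAMPLE_CONFIG) returns three findings: PPTP is enabled, the authentication method is not explicitly set to mschapv2, and the pool range is reversed.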
Working with Site-to-Site VPNs
Site-to-site VPN allows sites at different physical locations to securely communicate with each other over a
Layer-3 network such as the Internet. You can use Dell controllers instead of VPN concentrators to connect the
sites. You can also use a VPN concentrator at one site and a controller at the other site.
The Dell controller supports the following IKE SA authentication methods for site-to-site VPNs:
• Preshared key: Note that the same IKE shared secret must be configured on both the local and remote
  sites.
• Suite-B cryptographic algorithms
• Digital certificates: You can configure an RSA or ECDSA server certificate and a CA certificate for each
  site-to-site VPN IPsec map configuration. If you use certificate-based authentication, the peer must be
  identified by its certificate subject-name distinguished name (for deployments using IKEv2) or by the peer’s IP address
Dell Networking W-Series ArubaOS 6.4.x | User Guide Virtual Private Networks | 355