Configuration manual
140 | Configuration Reference Dell PowerConnect W-AirWave 7.4 | Configuration Guide
Field: Enable SecurID New and Next Pin Mode
Default: No
Description: Use this setting to enable or disable SecurID PIN modes.
The SecurID authentication scheme authenticates the user on an RSA ACE/Server.
When challenged, the user has to enter a password that is a combination of two
numbers: a personal identification number (PIN), supplied by RSA, combined with a
token code, which is the number displayed on the RSA SecurID authenticator.
New PIN mode is applied in cases where the authentication process requires
additional verification of the PIN. In this case, the user is required to use a new PIN.
The new PIN is derived from one of the following two sources, depending on the
configuration of the RSA ACE/Server:
- The user is prompted to select and enter a new PIN.
- The server supplies the user with a new PIN.
The user is then required to re-authenticate with the new PIN. The use of the New PIN
mode is optional and can be enabled or disabled.

Field: PPP Authentication Modes
Default: CHAP, MSCHAP, MSCHAPv2, PAP
Description: Use this section to select the authentication modes to be supported for
PPP in the VPN. The following options are available:
- CHAP
- Cache SecurID Token
- MSCHAP
- MSCHAPv2
- PAP

Field: IKE Lifetime (300-85400 secs)
Default: 28800
Description: Specify the Internet Key Exchange (IKE) Lifetime in seconds. When this
period of time expires, the IKE SA is replaced by a new SA or is terminated.
The IKE SA specifies values for the IKE exchange: the authentication method used,
the encryption and hash algorithms, the Diffie-Hellman group used, the lifetime of the
IKE SA in seconds, and the shared secret key values for the encryption algorithms.
The IKE SA in each peer is bi-directional.

Field: IKE Encryption
Default: 168-bit 3DES-CBC
Description: Select the Internet Key Exchange (IKE) encryption method from the
following two options:
- 168-bit 3DES-CBC
- 56-bit DES-CBC

Field: IKE Diffie-Hellman Group
Default: 1024-bit (1)
Description: Select the IPSEC Mode Group that matches the Diffie Hellman Group
configured for the IPSEC policy. The two options are as follows:
- 1024-bit
- 768-bit
The IKE policy selections, along with the preshared key, need to be reflected in the
VPN configuration. Set the VPN configuration on clients to match the choices made
above. If the Dell PowerConnect W dialer is used, these configurations need to
be made on the dialer prior to downloading the dialer onto the local client.

Field: IKE Hash Algorithm
Default: SHA
Description: Set the IKE Hash Algorithm to either SHA or MD5, to match the IKE policy
for IPSEC.

Field: IKE Authentication
Default: Pre-Shared
Description: IKE Phase 1 authentication can be done with either an IKE preshared key
or digital certificates. This establishes how the client is authenticated with the
internal database on the controller.
The options are Pre-Shared Keys or RSA Signatures.

Field: IPSEC Lifetime
Default: 7200
Description: Define the IPSEC lifetime in seconds, after which a new IPSEC key is
required.

Field: IPSEC Diffie Hellman Group
Default: 1024-bit (1)
Description: Select the IPSEC Mode Group that matches the Diffie Hellman Group
configured for the IKE policy. The two options are as follows:
- 1024-bit
- 768-bit
The IPSEC policy selections, along with the preshared key, need to be reflected in the
VPN configuration. Set the VPN configuration on clients to match the choices made
above. If the Dell PowerConnect W dialer is used, these configurations need to
be made on the dialer prior to downloading the dialer onto the local client.

Table 68 Security > User Roles > Add VPN Dialer Fields and Descriptions (Continued)
Field Default Description
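
The following is an added example, not part of the Dell guide or AirWave itself: a Python check that audits a VPN dialer profile against the options and the IKE lifetime range listed in this table, flags the cryptographically weaker of the options offered, and reports client settings that do not match the controller. The dictionary keys and layout are hypothetical.

```python
# Added example, not AirWave code. Dictionary keys are hypothetical; allowed
# values and the IKE lifetime range are copied from the table above.
ALLOWED = {
    "ppp_auth": {"CHAP", "Cache SecurID Token", "MSCHAP", "MSCHAPv2", "PAP"},
    "ike_encryption": {"168-bit 3DES-CBC", "56-bit DES-CBC"},
    "ike_dh_group": {"1024-bit", "768-bit"},
    "ike_hash": {"SHA", "MD5"},
    "ike_auth": {"Pre-Shared Keys", "RSA Signatures"},
    "ipsec_dh_group": {"1024-bit", "768-bit"},
}
# The weaker of the choices the table offers per field. PAP transmits the
# password itself instead of a challenge response.
WEAKER = {"ppp_auth": {"PAP"}, "ike_encryption": {"56-bit DES-CBC"},
          "ike_dh_group": {"768-bit"}, "ike_hash": {"MD5"},
          "ipsec_dh_group": {"768-bit"}}
IKE_LIFETIME_RANGE = (300, 85400)  # seconds, as printed in the table


def audit_dialer(controller, client):
    """Return a sorted list of (severity, field, message) findings."""
    findings = []
    for field, allowed in ALLOWED.items():
        value = controller.get(field)
        values = set(value) if isinstance(value, (list, set)) else {value}
        for v in values - allowed:
            findings.append(("error", field, f"{v!r} is not an option in the table"))
        for v in values & WEAKER.get(field, set()):
            findings.append(("warn", field, f"{v} is the weaker option offered"))
    low, high = IKE_LIFETIME_RANGE
    if not low <= controller.get("ike_lifetime", 0) <= high:
        findings.append(("error", "ike_lifetime", f"outside {low}-{high} secs"))
    # The client must mirror the controller's IKE and IPSEC selections.
    for field in sorted(set(controller) - {"ppp_auth"}):
        if client.get(field) != controller[field]:
            findings.append(("error", field, f"client has {client.get(field)!r}, "
                             f"controller has {controller[field]!r}"))
    return sorted(findings)


# Constructed sample input: table defaults on the controller, a drifted client.
DEFAULTS = {"ppp_auth": ["CHAP", "MSCHAP", "MSCHAPv2", "PAP"], "ike_lifetime": 28800,
            "ike_encryption": "168-bit 3DES-CBC", "ike_dh_group": "1024-bit",
            "ike_hash": "SHA", "ike_auth": "Pre-Shared Keys",
            "ipsec_lifetime": 7200, "ipsec_dh_group": "1024-bit"}
CLIENT = dict(DEFAULTS, ike_hash="MD5", ipsec_dh_group="768-bit")

if __name__ == "__main__":
    for finding in audit_dialer(DEFAULTS, CLIENT):
        print(finding)
```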