Users Guide

164 | Configuration Reference Dell PowerConnect W-AirWave 7.4 | Configuration Guide
Advanced Services > VPN Services > L2TP
The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec) is a highly secure
technology that enables VPN connections across public networks such as the Internet. L2TP/IPSec provides both
a logical transport mechanism on which to transmit PPP frames and the tunneling or encapsulation needed so that
the PPP frames can be sent across an IP network. L2TP/IPSec relies on the PPP connection process to perform user
authentication and protocol configuration. With L2TP/IPSec, the user authentication process is encrypted using
the Data Encryption Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPSec requires two levels of authentication:

Table 89 Advanced Services > VPN Services > IKE > IKE Policy Fields and Descriptions (Continued)

Field: Priority
Default: Blank
Description: Enter the priority number of this IKE policy.

Other Settings

Field: Encryption
Description: From the drop-down menu, select the encryption type to be supported in the IKE policy.
    DES
    3DES
    AES128
    AES192
    AES256

Field: Hash Algorithm
Description: Select the hash algorithm for this IKE policy.
    MD5
    SHA
    SHA1-96
    SHA2-256-128
    SHA2-384-192
NOTE: ‘SHA2-256-128’ and ‘SHA2-384-192’ require an Advanced Cryptography license and a minimum version of 6.1.0.0.

Field: Authentication
Description: ArubaOS VPNs support client authentication using pre-shared keys, RSA digital certificates, or Elliptic Curve Digital Signature Algorithm (ECDSA) certificates. To set the authentication type for the IKE rule, click the Authentication drop-down list and select one of the following types:
    Pre-Share (for IKEv1 clients using pre-shared keys)
    RSA (for clients using certificates)
    ECDSA-256 (for clients using certificates)
    ECDSA-384 (for clients using certificates)
NOTE: ‘ECDSA-256’ and ‘ECDSA-384’ require an Advanced Cryptography license and a minimum version of 6.1.0.0.

Field: Diffie-Hellman Group
Description: Diffie-Hellman is a key agreement algorithm that allows two parties to agree upon a shared secret, and is used within IKE to securely establish session keys. To set the Diffie Hellman Group for the ISAKMP policy, click the Diffie Hellman Group drop-down list and select one of the following groups:
    Group 1: 768-bit Diffie Hellman prime modulus group.
    Group 2: 1024-bit Diffie Hellman prime modulus group.
    Group 19: 256-bit random Diffie Hellman ECP modulus group.
    Group 20: 384-bit random Diffie Hellman ECP modulus group.
NOTE: ‘EC 256-bit (19)’ and ‘EC 384-bit (20)’ require an Advanced Cryptography license and a minimum version of 6.1.0.0.

Field: Lifetime
Default: empty
Description: Set the Security Association Lifetime to define the lifetime of the security association, in seconds.

Field: Version
Default: 1
Description: Select 1 to configure the VPN for IKEv1, or 2 for IKEv2.
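
The option lists and NOTE rows of the IKE policy table lend themselves to a pre-deployment check. The following Python is an added example, not part of the Dell guide or of AirWave: it validates a policy against the listed options, enforces the Advanced Cryptography license and 6.1.0.0 prerequisites, and warns on DES, 3DES, MD5 and Diffie-Hellman groups 1 and 2. The weakness ranking, the function names, the `sw_version` parameter (taken to be the controller software version) and the sample policies are assumptions of this example.

```python
# Added example: audit one IKE policy against the option lists in Table 89.
# Option strings follow the table; the WEAK ranking is this example's assumption.
ALLOWED = {
    "Encryption": {"DES", "3DES", "AES128", "AES192", "AES256"},
    "Hash Algorithm": {"MD5", "SHA", "SHA1-96", "SHA2-256-128", "SHA2-384-192"},
    "Authentication": {"Pre-Share", "RSA", "ECDSA-256", "ECDSA-384"},
    "Diffie-Hellman Group": {"1", "2", "19", "20"},
    "Version": {"1", "2"},
}
# Options whose NOTE rows require an Advanced Cryptography license and 6.1.0.0.
NEEDS_ACR = {"SHA2-256-128", "SHA2-384-192", "ECDSA-256", "ECDSA-384", "19", "20"}
MIN_VERSION = (6, 1, 0, 0)
WEAK = {
    "Encryption": {"DES": "56-bit key", "3DES": "64-bit block, legacy cipher"},
    "Hash Algorithm": {"MD5": "collision-broken hash"},
    "Diffie-Hellman Group": {"1": "768-bit modulus", "2": "1024-bit modulus"},
}
# Constructed sample policies (not taken from the guide).
LEGACY = {"Encryption": "DES", "Hash Algorithm": "MD5", "Authentication": "Pre-Share",
          "Diffie-Hellman Group": "1", "Version": "1"}
MODERN = {"Encryption": "AES256", "Hash Algorithm": "SHA2-384-192",
          "Authentication": "ECDSA-384", "Diffie-Hellman Group": "20", "Version": "2"}


def parse_version(text):
    """Turn a dotted version such as '6.1.0.0' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def audit_ike_policy(policy, sw_version, has_acr_license):
    """Return a sorted list of (severity, field, message) findings."""
    findings = []
    for field, allowed in ALLOWED.items():
        value = str(policy.get(field, "")).strip()
        if value not in allowed:
            findings.append(("error", field, f"{value!r} is not an option in the table"))
            continue
        if value in WEAK.get(field, {}):
            findings.append(("warn", field, f"{value}: {WEAK[field][value]}"))
        if value in NEEDS_ACR:
            if not has_acr_license:
                findings.append(("error", field, f"{value} needs an Advanced Cryptography license"))
            if parse_version(sw_version) < MIN_VERSION:
                findings.append(("error", field, f"{value} needs version 6.1.0.0 or later"))
    if policy.get("Authentication") == "Pre-Share" and str(policy.get("Version")) != "1":
        findings.append(("warn", "Authentication", "table lists Pre-Share for IKEv1 clients"))
    return sorted(findings)
```

Run `audit_ike_policy(LEGACY, "6.0.0.0", False)` to see the three warnings for the legacy policy; an empty list means the policy passed every check.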