Dell 6.2 Server User Manual


 
Client Operating System:
• Windows 7
• Windows Vista
• Windows XP

Supported Suite-B IKE Authentication:
• IKEv1 Clients using ECDSA Certificates
• IKEv1/IKEv2 Clients using ECDSA Certificates with L2TP/PPP/EAP-TLS certificate user-authentication

Supported Suite-B IPsec Encryption:
• AES-128-GCM
• AES-256-GCM

Table 74: Client Support for Suite-B
The Suite-B algorithms described in Table 73 are also supported by Site-to-Site VPNs between Dell controllers, or
between a controller and a server running Windows 2008 or StrongSwan 4.3.
Working with IKEv2 Clients
Not all clients support both the IKEv1 and IKEv2 protocols. Only the clients in Table 75 support IKEv2 with
the following authentication types:
Windows 7 Client:
• Machine authentication with Certificates
• User-name password authentication using EAP-MSCHAPv2 or PEAP-MSCHAPv2
• User smart-card authentication with EAP-TLS / IKEv2
NOTE: Windows 7 clients using IKEv2 do not support pre-shared key authentication.

StrongSwan 4.3 Client:
• Machine authentication with Certificates
• User-name password authentication using EAP-MSCHAPv2
• Suite-B cryptographic algorithms

VIA Client:
• Machine authentication with Certificates
• User-name password authentication using EAP-MSCHAPv2
• EAP-TLS using Microsoft cert repository
NOTE: VIA clients using IKEv2 do not support pre-shared key authentication.

Table 75: VPN Clients Supporting IKEv2
Understanding Supported VPN AAA Deployments
If you want to simultaneously deploy various combinations of a VPN client, RAP-psk, RAP-certs and CAP on the
same controller, see Table 76.
Each row in this table specifies the allowed combinations of AAA servers for simultaneous deployment.
Configuration rules include:
• RAP-certs can only use LocalDB-AP.
• A RAP-psk and RAP-cert can only terminate on the same controller if the RAP VPN profile’s AAA server uses Local-db.
• If a RAP-psk is using an external AAA server, then the RAP-cert cannot be terminated on the same controller.
• Clients can use any type of AAA server, regardless of RAP/CAP authentication configuration server.
VPN Client              RAP psk   RAP certs    CAP
External AAA server 1   LocalDB   LocalDB-AP   CPSEC-whitelist

Table 76: Supported VPN AAA Deployments
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide | Virtual Private Networks