Dell 6.2 Server User Manual


 
4. (Optional) If you use client certificates for user authentication, select the Check certificate common name
against AAA server checkbox to verify that the certificate's common name exists in the server. This parameter is
enabled by default in the default-cap and default-rap VPN profiles, and disabled by default on all other VPN
profiles.
5. (Optional) Set Max Authentication failures to an integer value (the default value is 0, which disables this
feature).
6. Click Apply.
7. In the Default profile menu in the left window pane, select Server Group.
8. From the Server Group drop-down list, select the server group to be used for VPN authentication.
9. Click Apply.
To configure VPN authentication via the command-line interface, access the CLI in config mode and issue the
following commands:
(host)(config) #aaa authentication vpn default
cert-cn-lookup
clone
default-role <role>
max-authentication-failure <number>
server-group <name>
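An added example, not from the Dell manual: a Python check that reads `aaa authentication vpn` stanzas from a saved configuration and reports profiles where the failure limit is 0 or the common-name lookup is off, applying the defaults stated above. The saved-config layout (quoted profile names, indented settings, `!` separators, `no` to negate a setting), the sample text and the function names are assumptions.

```python
import re

# Defaults stated in the manual: CN lookup on only in these profiles; failure limit 0.
CN_LOOKUP_DEFAULT_ON = {"default-cap", "default-rap"}

# Constructed sample in an assumed saved-config layout (not copied from the manual).
SAMPLE_CONFIG = '''\
aaa authentication vpn "default"
   server-group "radius-vpn"
!
aaa authentication vpn "default-rap"
   max-authentication-failure 5
!
aaa authentication vpn "default-cap"
   no cert-cn-lookup
   max-authentication-failure 3
!
'''

# Return {profile: settings}, starting each profile from the manual's defaults.
def parse_vpn_profiles(text):
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r'aaa authentication vpn "?([^"\s]+)"?$', line)
        if header:
            name = header.group(1)
            current = profiles.setdefault(name, {
                "cert-cn-lookup": name in CN_LOOKUP_DEFAULT_ON,
                "max-authentication-failure": 0})
        elif not raw[:1].isspace():      # "!" or any unindented line ends the stanza
            current = None
        elif current is not None and line:
            negated = line.startswith("no ")
            key, _, value = (line[3:] if negated else line).partition(" ")
            if key == "cert-cn-lookup":
                current[key] = not negated
            elif key == "max-authentication-failure":
                current[key] = 0 if negated else int(value)
    return profiles

# List (profile, finding) pairs for the two settings from steps 4 and 5.
def audit(profiles):
    findings = []
    for name, p in sorted(profiles.items()):
        if p["max-authentication-failure"] == 0:
            findings.append((name, "max-authentication-failure is 0 (disabled)"))
        if not p["cert-cn-lookup"]:
            findings.append((name, "cert-cn-lookup is off"))
    return findings
```

The `cert-cn-lookup` finding matters only for profiles that authenticate users with client certificates.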
Configuring a Basic VPN for L2TP/IPsec in the WebUI
The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPsec) is a highly secure
technology that enables VPN connections across public networks such as the Internet. L2TP/IPsec provides both a
logical transport mechanism for PPP frames and the tunneling or encapsulation needed to send those frames
across an IP network. L2TP/IPsec relies on the PPP connection process to perform user
authentication and protocol configuration. With L2TP/IPsec, the user authentication process is encrypted using the
Data Encryption Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPsec using IKEv1 requires two levels of authentication:
• Computer-level authentication with a preshared key to create the IPsec security associations (SAs) to protect the L2TP-encapsulated data.
• User-level authentication through a PPP-based authentication protocol using passwords, SecureID, digital certificates, or smart cards after successful creation of the SAs.
NOTE: Only Windows 7 clients, StrongSwan 4.3 clients and VIA clients support IKEv2. For additional information on the
authentication types supported by these clients, see "Working with IKEv2 Clients" on page 273.
Use the following procedures to configure a remote access VPN for L2TP IPsec for clients using pre-shared keys,
certificates or EAP for authentication using the WebUI.
• "Defining Authentication Method and Server Addresses" on page 279
• "Defining Address Pools" on page 280
• "Enabling Source NAT" on page 280
• "Selecting Certificates" on page 280
• "Defining IKEv1 Shared Keys" on page 277
• "Configuring IKE Policies" on page 281
• "Setting the IPsec Dynamic Map" on page 282
• "Finalizing WebUI changes" on page 282
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Virtual Private Networks | 275