Dell 6.2 Server User Manual


 
Configuring a Basic L2TP VPN in the CLI
Use the following procedure to configure a remote access VPN for L2TP IPsec from the command-line interface.
1. Define the authentication method and server addresses:
(host)(config) #vpdn group l2tp
enable
client configuration {dns|wins} <ipaddr1> [<ipaddr2>]
2. Enable authentication methods for IKEv1 clients:
vpdn group l2tp ppp authentication {cache-securid|chap|eap|mschap|mschapv2|pap}
3. Create address pools:
(host)(config) #ip local pool <pool> <start-ipaddr> <end-ipaddr>
4. Configure source NAT:
(host)(config) #ip access-list session srcnatuser any any src-nat pool <pool> position 1
5. If you are configuring a VPN to support machine authentication using certificates, define server certificates for
VPN clients using IKEv1.
For IKEv1:
(host)(config) #crypto-local isakmp server-certificate <cert>
6. If you are configuring a VPN to support IKEv1 Clients using pre-shared keys, you can configure a global IKE key
by entering 0.0.0.0 for both the address and netmask parameters in the command below, or configure an IKE key
for an individual subnet by specifying the IP address and netmask for that subnet.
crypto isakmp key <key> address <ipaddr> netmask <mask>
7. Define IKE Policies:
(host)(config) #crypto isakmp policy <priority>
encryption {3des|aes128|aes192|aes256|des}
version {v1|v2}
authentication {pre-share|rsa-sig|ecdsa-256|ecdsa-384}
group {1|2|19|20}
hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}
lifetime <seconds>
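An added example, not part of the Dell manual: a small Python audit that reads CLI text in the command forms of steps 1-7 and flags a global pre-shared key (step 6), PAP (step 2) and IKE policy options (step 7). Which option values count as weak (des, 3des, md5, groups 1 and 2) is this example's assumption, and the sample configuration is constructed.

```python
import re

# Option values from steps 2, 6 and 7 that this example treats as weak
# (an assumption of the example, not a rating given by the manual).
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
PROMPT = re.compile(r"^\(host\)\s*\(config\)\s*#\s*")

def audit(config_text):
    """Return (context, finding) tuples for CLI text in the form shown above."""
    findings, policy = [], None
    for raw in map(str.strip, config_text.splitlines()):
        line = PROMPT.sub("", raw)
        words = line.split()
        if not words:
            continue
        if line != raw:            # a prompt marks a new top-level command
            policy = None
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            policy = "policy " + m.group(1)
        elif words[:3] == ["crypto", "isakmp", "key"]:
            # crypto isakmp key <key> address <ipaddr> netmask <mask>
            opts = dict(zip(words[4::2], words[5::2]))
            if opts.get("address") == opts.get("netmask") == "0.0.0.0":
                findings.append(("isakmp key", "global pre-shared key"))
        elif "ppp authentication" in line and words[-1] == "pap":
            findings.append(("vpdn group l2tp", "PAP passes the password in cleartext"))
        elif policy and len(words) == 2 and words[1] in WEAK.get(words[0], ()):
            findings.append((policy, "weak %s %s" % (words[0], words[1])))
    return findings

# Constructed sample configuration (key and policy numbers are made up).
SAMPLE = """\
(host)(config) #vpdn group l2tp
ppp authentication pap
(host)(config) #crypto isakmp key EXAMPLE-KEY address 0.0.0.0 netmask 0.0.0.0
(host)(config) #crypto isakmp policy 10
encryption des
authentication pre-share
group 2
hash md5
(host)(config) #crypto isakmp policy 20
encryption aes256
authentication rsa-sig
group 20
hash sha2-384-192
"""
if __name__ == "__main__":
    print(*("%s: %s" % f for f in audit(SAMPLE)), sep="\n")
```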
Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI
Only clients running Windows 7, StrongSwan 4.3 and Dell VIA support IKEv2. For additional information on the
authentication types supported by these clients, see "Working with IKEv2 Clients" on page 273.
Use the following procedures in the WebUI to configure a remote access VPN for IKEv2 clients using certificates.
• "Defining Authentication Method and Server Addresses" on page 279
• "Defining Address Pools" on page 280
• "Enabling Source NAT" on page 280
• "Selecting Certificates" on page 280
• "Configuring IKE Policies" on page 281
• "Setting the IPsec Dynamic Map" on page 282
• "Finalizing WebUI changes" on page 282
Defining Authentication Method and Server Addresses
1. First, define the authentication method and server addresses
2. Navigate to Configuration > Advanced Services > VPN Services and click the IPSEC tab.
3. To enable L2TP, select Enable L2TP (this is enabled by default).
4. Select the authentication method for IKEv1 clients. Currently supported methods are:
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Virtual Private Networks | 279