Dell 6.2 Server User Manual


 
Configuring a VPN for XAuth Clients Using a Username and Password
This section describes how to configure a remote access VPN on the controller for Cisco VPN XAuth clients using
passwords. IKE Phase 1 authentication is done with an IKE preshared key; the user is then prompted to enter their
username and password, which are verified against the internal database on the controller.
On the controller, you need to configure the following:
1. Add entries for Cisco VPN XAuth clients to the controller’s internal database. For details on configuring an
authentication server, see "Authentication Servers" on page 168.
NOTE: For each client, you need to create an entry in the internal database with the entire Principal name (SubjectAltName in X.509
certificates) or Common Name as it appears on the certificate.
2. Verify that the server with the client data is part of the server group associated with the VPN authentication
profile.
3. Configure other VPN settings as described in "Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI" on
page 279, while ensuring that the following settings are selected:
• In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab, enable
L2TP.
• In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab, enable
XAuth to enable prompting for the username and password.
• The IKE policy must have pre-shared authentication.
The following example configures a VPN for XAuth IKEv1 clients using a username and password. Access the
command-line interface and issue the following commands in config mode:
(host)(config) #aaa authentication vpn default
   server-group internal
crypto-local isakmp xauth
(host)(config) #vpdn group l2tp
   enable
   client dns 101.1.1.245
(host)(config) #ip local pool pw-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto isakmp key 0987654 address 0.0.0.0 netmask 0.0.0.0
(host)(config) #crypto isakmp policy 1
   authentication pre-share
Enter the following command in enable mode to configure client entries in the internal database:
(host) #local-userdb add username <name> password <password>
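The example configuration above binds a single pre-shared key to the wildcard address 0.0.0.0, so every XAuth client shares the same key and the username and password become the only per-user secret. The following Python check is an added example, not part of the Dell/Aruba guide: it scans pasted CLI lines for crypto isakmp key entries and reports wildcard scope, short keys and digit-only keys. The function name and the 20-character minimum are assumptions.

```python
import ipaddress
import re

# Constructed sample: the PSK-related lines of the example configuration above.
SAMPLE_CONFIG = """\
(host)(config) #aaa authentication vpn default
   server-group internal
crypto-local isakmp xauth
(host)(config) #crypto isakmp key 0987654 address 0.0.0.0 netmask 0.0.0.0
(host)(config) #crypto isakmp policy 1
   authentication pre-share
"""

PROMPT = re.compile(r"^\([^)]*\)\s*(?:\([^)]*\))?\s*#\s*")  # "(host)(config) #"
KEY_LINE = re.compile(r"^crypto isakmp key (\S+) address (\S+) netmask (\S+)$")
MIN_KEY_LEN = 20  # assumption: a local policy value, not a vendor requirement


def audit_ike_psk(config_text, min_len=MIN_KEY_LEN):
    """Return (line_number, finding) tuples for each IKE pre-shared key line."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        match = KEY_LINE.match(PROMPT.sub("", raw.strip()))
        if not match:
            continue
        key, addr, mask = match.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            # Report a mistyped address or mask instead of skipping the line.
            findings.append((num, f"malformed address/netmask: {addr} {mask}"))
            continue
        if net.prefixlen == 0:
            findings.append((num, "key applies to any peer address (shared group key)"))
        if len(key) < min_len:
            findings.append((num, f"key is shorter than {min_len} characters"))
        if key.isdigit():
            findings.append((num, "key is digits only"))
    return findings


if __name__ == "__main__":
    for num, finding in audit_ike_psk(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```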
Working with Remote Access VPNs for PPTP
Point-to-Point Tunneling Protocol (PPTP) is an alternative to L2TP/IPsec. Like L2TP/IPsec, PPTP provides a
logical transport mechanism to send PPP frames as well as tunneling or encapsulation so that the PPP frames can be
sent across an IP network. PPTP relies on the PPP connection process to perform user authentication and protocol
configuration.
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Virtual Private Networks | 287