Dell 6.2 Server User Manual


 
288 | Virtual Private Networks Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
With PPTP, data encryption begins after the PPP authentication and connection process is completed. PPTP
connections use Microsoft Point-to-Point Encryption (MPPE), which uses the Rivest-Shamir-Adleman (RSA) RC-4
encryption algorithm. PPTP connections require user-level authentication through a PPP-based authentication
protocol (MSCHAPv2 is the currently supported method).
In the WebUI
1. Navigate to the Configuration > Advanced Services > VPN Services > PPTP page.
2. To enable PPTP, select Enable PPTP.
3. Select either MSCHAP or MSCHAPv2 as the authentication protocol.
4. Configure IP addresses of the primary and secondary DNS servers.
5. Configure the primary and secondary WINS Server IP addresses that are pushed to the VPN Dialer.
6. Configure the VPN Address Pool.
a. Click Add. The Add Address Pool window displays.
b. Specify the pool name, start address, and end address.
c. Click Done on completion to apply the configuration.
7. Click Apply to apply the changes made before navigating to other pages.
In the CLI
(host)(config) #vpdn group pptp
enable
client configuration {dns|wins} <ipaddr1> [<ipaddr2>]
ppp authentication {mschapv2}
(host)(config) #pptp ip local pool <pool> <start-ipaddr> <end-ipaddr>
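As an added example (not part of the Dell guide), the Python code below parses commands written in the CLI syntax above and checks the address plan: a pool's start address must not be above its end address, and a DNS or WINS address pushed to dialers should not fall inside a pool that is handed out to them. The function names, pool names and all addresses are constructed for illustration, and the second check is a sanity check assumed here rather than a rule stated in the guide.

```python
import ipaddress
import re

# Constructed sample: the CLI syntax shown above with made-up values filled in.
SAMPLE = """\
(host)(config) #vpdn group pptp
   enable
   client configuration dns 10.1.1.10 10.1.1.11
   client configuration wins 10.1.2.50
   ppp authentication mschapv2
(host)(config) #pptp ip local pool pptp-pool 10.1.2.1 10.1.2.100
(host)(config) #pptp ip local pool guests 10.1.2.90 10.1.2.80
"""

def parse_pptp(text):
    """Collect PPTP settings from commands written in the syntax shown above."""
    cfg = {"enabled": False, "auth": None, "servers": {}, "pools": {}}
    in_group = False  # sub-commands only count inside "vpdn group pptp"
    for raw in text.splitlines():
        # Drop an optional "(host)(config) #" prompt, then tokenize the command.
        tok = re.sub(r"^\(\S+\)\s*\(config\)\s*#", "", raw.strip()).split()
        if tok[:4] == ["pptp", "ip", "local", "pool"] and len(tok) == 7:
            cfg["pools"][tok[4]] = tuple(ipaddress.ip_address(a) for a in tok[5:7])
        elif tok[:3] == ["vpdn", "group", "pptp"]:
            in_group = True
        elif in_group and tok == ["enable"]:
            cfg["enabled"] = True
        elif in_group and tok[:2] == ["client", "configuration"] and len(tok) >= 4:
            cfg["servers"][tok[2]] = [ipaddress.ip_address(a) for a in tok[3:5]]
        elif in_group and tok[:2] == ["ppp", "authentication"] and len(tok) == 3:
            cfg["auth"] = tok[2]
    return cfg

def audit(cfg):
    """Return address-plan findings; an empty list means none were found."""
    findings, valid = [], {}
    for name, (start, end) in cfg["pools"].items():
        if start > end:
            findings.append(f"pool {name}: start {start} is above end {end}")
        else:
            valid[name] = (start, end)
    for kind, addrs in cfg["servers"].items():
        for addr in addrs:
            for name, (start, end) in valid.items():
                if start <= addr <= end:
                    findings.append(f"{kind} server {addr} is inside pool {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_pptp(SAMPLE))))
```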
Working with Site-to-Site VPNs
Site-to-site VPN allows sites at different physical locations to securely communicate with each other over a Layer-3
network such as the Internet. You can use Dell controllers instead of VPN concentrators to connect the sites. Or,
you can use a VPN concentrator at one site and a controller at the other site.
The Dell controller supports the following IKE SA authentication methods for site-to-site VPNs:
• Preshared key: Note that the same IKE shared secret must be configured on both the local and remote sites.
• Suite-B cryptographic algorithms
• Digital certificates: You can configure an RSA or ECDSA server certificate and a CA certificate for each
  site-to-site VPN IPsec map configuration. If you are using certificate-based authentication, the peer must be
  identified by its certificate subject-name distinguished name (for deployments using IKEv2) or by the peer’s IP
  address (for IKEv1). For more information about importing server and CA certificates into the controller, see
  Management Access on page 625.
NOTE: Certificate-based authentication is only supported for site-to-site VPN between two Dell controllers with static IP addresses.
Working with Third-Party Devices
Dell controllers can use IKEv1 or IKEv2 to establish a site-to-site VPN with another Dell controller or with a
third-party device. Note, however, that only Dell controllers and devices running Windows 2008
Server or Strongswan 4.3 support IKEv2 authentication.