Dell 6.2 Server User Manual


 
peers, or select Per Peer ID and specify the FQDN to make the controller a responder for one specific
initiator only.
18. Select an authentication type. For pre-shared key authentication, select Pre-Shared Key, then enter a shared
secret in the IKE Shared Secret and Verify IKE Shared Secret fields. This authentication type is required in
IPsec maps for a VPN with a dynamically addressed peer.
-or-
For certificate authentication, select Certificate, then click the Server Certificate and CA certificate drop-down
lists to select certificates previously imported into the controller. See Management Access on page 625 for more
information.
19. Click Done to apply the site-to-site VPN configuration.
20. Click Apply.
21. Click the IPSEC tab to configure an IKE policy.
a. Under IKE Policies, click Add to open the IPSEC Add Policy configuration page.
b. Set the Priority to 1 for this configuration to take priority over the Default setting.
c. Set the Version type to match the IKE version you selected in Step 10 above.
d. Set the Encryption type from the drop-down menu.
e. Set the HASH Algorithm from the drop-down menu.
f. Set the Authentication to PRE-SHARE if you are using preshared keys. If you are using certificate-based IKE,
select RSA or ECDSA.
g. Set the Diffie Hellman Group from the drop-down menu.
h. The IKE policy selections, including any preshared key, need to be reflected in the VPN client configuration.
When using a third party VPN client, set the VPN configuration on clients to match the choices made above.
If the Dell dialer is used, you must configure the dialer prior to downloading the dialer onto the local client.
i. Click Done to activate the changes.
j. Click Apply.
In the CLI
To use the command-line interface to configure a site-to-site VPN with two static IP Dell controllers using IKEv1,
issue the following commands:
(host)(config) #crypto-local ipsec-map <name> <priority>
   src-net <ipaddr> <mask>
   dst-net <ipaddr> <mask>
   peer-ip <ipaddr>
   vlan <id>
   version v1|v2
   peer-cert-dn <peer-dn>
   pre-connect enable|disable
   trusted enable
For certificate authentication:
   set ca-certificate <cacert-name>
   set server-certificate <cert-name>
(host)(config) #crypto isakmp policy <priority>
   encryption {3des|aes128|aes192|aes256|des}
   version v1|v2
   authentication {rsa-sig|ecdsa-256|ecdsa-384}
   group {1|2|19|20}
   hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}
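The IKE policy syntax above accepts legacy values (des, 3des, md5, DH groups 1 and 2) alongside stronger ones. The following check is an added example, not part of the Dell manual: it parses "crypto isakmp policy" blocks from saved configuration text and reports those values. The function names, the sample configuration and the choice of which values count as weak are assumptions of this example.

```python
import re

# Values this example treats as weak; the manual lists them without ranking.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
PROMPT = re.compile(r"^\(.*?\)\s*#\s*")  # strips a leading "(host)(config) #"

def parse_policies(config_text):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line == "!" or line.startswith("crypto"):
            # Any new top-level crypto command or "!" closes the current block.
            m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
            current = policies.setdefault(int(m.group(1)), {}) if m else None
            continue
        parts = line.split()
        if current is not None and len(parts) == 2:
            current[parts[0]] = parts[1].lower()
    return policies

def audit(config_text):
    """Return sorted (priority, keyword, value) tuples for weak settings."""
    findings = []
    for prio, settings in parse_policies(config_text).items():
        for key, weak_values in WEAK.items():
            if settings.get(key) in weak_values:
                findings.append((prio, key, settings[key]))
    return sorted(findings)

# Constructed sample configuration, not taken from a real controller.
SAMPLE = """\
crypto isakmp policy 1
  encryption 3des
  authentication rsa-sig
  group 2
  hash md5
!
crypto isakmp policy 2
  encryption aes256
  authentication rsa-sig
  group 20
  hash sha2-384-192
"""

if __name__ == "__main__":
    for prio, key, value in audit(SAMPLE):
        print(f"policy {prio}: weak {key} '{value}'")
```

Because the IKE policy selections must be mirrored on the peer and on VPN clients, any value this check reports has to be changed on both ends of the tunnel.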
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Virtual Private Networks | 291