Specifications

Security Options 99
Chapter 5
Address Pools – IPSec tunnel endpoints are assigned IP addresses. The
Alcatel switch endpoint will always use the switch IP address, while client
addresses are assigned from a pool. To add a new address pool, click the Add
button and fill in the pool name and the starting and ending addresses for the
pool. Multiple pools may be configured.
Enable Source NAT – If the address range included in the VPN address pool is
not routable by the rest of the network, source NAT can be enabled. When
this is enabled, the source address of all user traffic emerging from a VPN
tunnel will be changed to the switch IP address. This checkbox configures a
traffic policy for the VPN default role – if multiple roles are being used with
VPN, a source-NAT traffic policy will need to be configured for each of them.
NAT Pool – Specifies the name of the NAT pool.
IKE Aggressive Group Name – When configuring IPSec XAUTH, enter the
group name. This group name must match the group name configured on
each client.
IKE Shared Secrets – Specifies IKE pre-shared keys for different IP address
ranges. This option is only used when IKE pre-shared key authentication is in
use. To configure a single IKE pre-shared key for all clients, enter a subnet of
0.0.0.0 with a mask length of 0. The IKE pre-shared key must be identically
configured on all clients. The shared secret should be treated as a password,
and should not be composed of common dictionary words or phrases.
IKE Policies – Specifies encryption, hash, and authentication parameters for
IKE. The default policy configures IKE for triple-DES encryption, SHA1 hash,
and RSA public/private key authentication. To enable IKE pre-shared keys,
add a policy that selects pre-shared key authentication, as shown in the example.
The equivalent CLI configuration for the example above is:
vpdn group l2tp
client configuration dns 1.1.1.1 2.2.2.2
client configuration wins 3.3.3.3 4.4.4.4
ppp authentication PAP
ppp authentication CHAP
ppp authentication MSCHAP
ppp authentication MSCHAPv2
!
ip local pool lt2p-pool 172.16.2.1 172.16.2.24
!
crypto isakmp groupname changeme
!
crypto isakmp key test123 address 0.0.0.0 netmask 0.0.0.0
!
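The guidance above (treat the IKE pre-shared key as a password and avoid dictionary words, note that a 0.0.0.0/0 key entry is shared by every client, and replace placeholder group names) can be checked mechanically against the CLI form shown. The following is an added example, not code from the Alcatel manual: it parses the IOS-style lines used on this page and reports weak settings, using a 16-character minimum length and a tiny word list that are assumptions of this example.

```python
import re

# Constructed sample: the CLI example from this page, trimmed to the lines audited.
SAMPLE_CONFIG = """\
vpdn group l2tp
ppp authentication PAP
ppp authentication MSCHAPv2
!
ip local pool lt2p-pool 172.16.2.1 172.16.2.24
!
crypto isakmp groupname changeme
!
crypto isakmp key test123 address 0.0.0.0 netmask 0.0.0.0
"""

# Tiny constructed word list; a real audit would load a full dictionary.
COMMON_WORDS = {"test", "password", "secret", "changeme", "admin", "vpn"}

def parse_config(text):
    """Pull the VPN settings this audit cares about out of IOS-style config."""
    cfg = {"ppp_auth": set(), "psk": [], "groupname": None, "pools": []}
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"ppp authentication (\S+)", line):
            cfg["ppp_auth"].add(m[1].upper())
        elif m := re.fullmatch(r"crypto isakmp key (\S+) address (\S+) netmask (\S+)", line):
            cfg["psk"].append({"key": m[1], "address": m[2], "netmask": m[3]})
        elif m := re.fullmatch(r"crypto isakmp groupname (\S+)", line):
            cfg["groupname"] = m[1]
        elif m := re.fullmatch(r"ip local pool (\S+) (\S+) (\S+)", line):
            cfg["pools"].append((m[1], m[2], m[3]))
    return cfg

def weak_secret(secret):
    """Heuristic for the guidance above: too short (assumed 16-char floor), or a word plus digits."""
    stem = re.sub(r"\d+$", "", secret).lower()
    return len(secret) < 16 or stem in COMMON_WORDS

def audit(text):
    """Return human-readable findings for one configuration."""
    cfg, findings = parse_config(text), []
    if "PAP" in cfg["ppp_auth"]:
        findings.append("PAP enabled: weakest PPP method, prefer MSCHAPv2 only")
    for e in cfg["psk"]:
        if e["address"] == "0.0.0.0" and e["netmask"] == "0.0.0.0":
            findings.append("one pre-shared key (0.0.0.0/0) is shared by every client")
        if weak_secret(e["key"]):
            findings.append(f"pre-shared key {e['key']!r} is short or dictionary-based")
    if cfg["groupname"] and cfg["groupname"].lower() in COMMON_WORDS:
        findings.append(f"IKE group name {cfg['groupname']!r} is a guessable default")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports all four weaknesses in the page's example; a per-subnet key of adequate length and a non-default group name produce no findings.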