Specifications
Chapter 23: VPN Configuration
• Username and/or password is wrong
• Alcatel switch is not allowed to access RADIUS server (NAS IP on RADIUS)
2(b). Set up and Test Internal Database
Skip this step if you are using RADIUS. Proceed to Step 3.
To configure the local database:
(Alcatel6000) (config) # aaa vpn-authentication auth-server Internal
(Alcatel6000) (config) # aaa captive-portal auth-server Internal
(Alcatel6000) (config) # exit
Add a user to the internal database.
(Alcatel6000) # local-userdb add username foo password bar role employee
Test the internal server with username foo and password bar:
(Alcatel6000) # aaa test-server Internal foo bar
Authentication successful
3. Set up L2TP IPSec VPN Server on OmniAccess 6000
To configure a Layer 2 Tunneling Protocol (L2TP) over IP Security (IPSec) Virtual Private Network server:
(Alcatel6000) (config) # crypto isakmp policy 10
(Alcatel6000) (config-isakmp) # authentication pre-share
(Alcatel6000) (config-isakmp) # exit
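Set up IKE with a customer-provided pre-shared key. Keep 0.0.0.0 as is; an address and netmask of 0.0.0.0 match any peer, so this key is accepted from every connecting client:
(Alcatel6000) (config) # crypto isakmp key f00xYz123BcA address 0.0.0.0 netmask 0.0.0.0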
Using a customer-provided VPN IP pool:
(Alcatel6000) (config) # ip local pool vpnaddr 2.2.2.1 2.2.2.254
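The following check is an added example, not part of the Alcatel manual: it scans a saved configuration for values copied verbatim from the steps above (the sample account, the sample pre-shared key), for a pre-shared key bound to the 0.0.0.0 wildcard, and for a VPN pool outside private address space. It assumes the config is available as plain text with prompts stripped; the finding names are hypothetical labels.

```python
import ipaddress
import re

# Constructed sample: the commands shown in this section, prompts stripped.
SAMPLE_CONFIG = """\
aaa vpn-authentication auth-server Internal
local-userdb add username foo password bar role employee
crypto isakmp policy 10
crypto isakmp key f00xYz123BcA address 0.0.0.0 netmask 0.0.0.0
ip local pool vpnaddr 2.2.2.1 2.2.2.254
"""

DOC_PSK = "f00xYz123BcA"    # example key printed in the manual
DOC_USER = ("foo", "bar")   # example account printed in the manual


def audit(config):
    """Return a list of (line_number, finding) for settings worth reviewing."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()

        m = re.match(r"crypto isakmp key (\S+) address (\S+) netmask (\S+)$", line)
        if m:
            key, _addr, mask = m.groups()
            if key == DOC_PSK:
                findings.append((n, "psk-from-documentation"))
            # An all-zero netmask matches every peer address.
            if int(ipaddress.IPv4Address(mask)) == 0:
                findings.append((n, "psk-accepted-from-any-peer"))

        m = re.match(r"local-userdb add username (\S+) password (\S+)", line)
        if m and m.groups() == DOC_USER:
            findings.append((n, "example-account-present"))

        m = re.match(r"ip local pool \S+ (\S+) (\S+)$", line)
        if m:
            first, last = (ipaddress.ip_address(a) for a in m.groups())
            if not (first.is_private and last.is_private):
                findings.append((n, "pool-not-private"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```

The wildcard finding is expected for remote-access clients with dynamic addresses; treat it as a prompt to confirm the key is long, unique and rotated rather than as an error.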
Set up L2TP:
(Alcatel6000) (config) # vpdn group l2tp
PAP will work with most RADIUS servers; use “CACHE-SECURID” if using RSA SecurID: