Release Notes
Parameter Description Default
NOTE: This parameter requires the
RFProtect license.
no
Negates any configured parameter. —
pan-integration
Require IP mapping at Palo Alto Networks fire-
walls.
disabled
radius-accounting <
Configure server group for
RADIUSaccounting
—
server-group <group>
Name of the group of servers used to
authenticate VPN users. See aaa server-
group on page 102.
internal
user-idle-timeout
The user idle timeout for this profile. Specify
the idle timeout value for the client in
seconds. Valid range is 30-15300 in
multiples of 30 seconds. Enabling this option
overrides the global settings configured in
the AAA timers. If this is disabled, the global
settings are used.
—
Usage Guidelines
This command configures VPN authentication settings for VPN, RAP and CAP clients.Use the vpdn group
command to configure Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPsec) or a Point-to-
Point Tunneling Protocol (PPTP) VPN connection. (See vpdn group l2tp on page 1971.)
Example
The following command configures VPN authentication settings for the default-rap profile:
aaa authentication vpn default-rap
default-role guest
clone default
max-authentication-failures 0
server-group vpn-server-group
The following message appears when a user tries to configure the non-configurable default-cap profile:
(host) (config) #aaa authentication vpn default-cap
Predefined VPN Authentication Profile "default-cap" is not editable
Command History
Version Description
ArubaOS 3.0
Command introduced.
ArubaOS 5.0
The default-cap and default-rap profiles were introduced.
ArubaOS 6.1
The cert-cn-lookup parameter was introduced.
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide aaa authentication vpn | 70