Users Guide

359| Virtual Private Networks Dell Networking W-Series ArubaOS 6.5.x| User Guide
a. Select Internal DB to view entries for the internal database.
b. Click Add User.
c. Enter the username and password information for the client.
d. Click Enabled to activate this entry on creation.
e. Click Apply.
2. Navigate to the Configuration > Security > Authentication > L3 Authentication window.
a. Under the VPN Authentication profile, select Default > Server Group.
b. Select the internal server group from the Server Group drop-down menu.
c. Click Apply.
3. Navigate to the Configuration > Advanced Services > VPN Services > IPsec window.
a. Select Enable L2TP (this is enabled by default).
b. Select PAP for Authentication Protocols.
4. Configure other VPN settings as described in Configuring a VPN for L2TP/IPsec with IKEv2 on page 353,
while ensuring that the following settings are selected:
• In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPsec tab,
enable L2TP.
• In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPsec tab,
select PAP as the authentication protocol.
In the CLI
The following example uses the command-line interface to configure an L2TP/IPsec VPN for
username/password clients using IKEv1:
(host)(config) #vpdn group l2tp
   enable
   ppp authentication pap
   client dns 101.1.1.245
(host)(config) #ip local pool pw-clients 10.1.1.1 10.1.1.250
(host)(config) #crypto isakmp key <key> address 0.0.0.0 netmask 0.0.0.0
(host)(config) #crypto isakmp policy 1
   authentication pre-share
Next, issue the following command in enable mode to configure client entries in the internal database:
(host)(config) #local-userdb add username <name> password <password>
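The following Python check is an added example, not part of this guide or of ArubaOS. It reviews a saved copy of the CLI configuration above, confirms that the addresses are well-formed, and reports two settings a reviewer should note: PAP (the password is protected only by the IPsec tunnel) and a preshared key that applies to any peer address. The names audit, valid_ipv4 and SAMPLE_CONFIG are assumptions, and the sample text is constructed from the commands shown above.

```python
import ipaddress
import re

# Constructed sample: the CLI example above as it might appear in a saved config.
SAMPLE_CONFIG = """\
vpdn group l2tp
   enable
   ppp authentication pap
   client dns 101.1.1.245
ip local pool pw-clients 10.1.1.1 10.1.1.250
crypto isakmp key <key> address 0.0.0.0 netmask 0.0.0.0
crypto isakmp policy 1
   authentication pre-share
"""

def valid_ipv4(text):
    """True when text is a complete dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def audit(config):
    """Return (line_number, message) findings for a reviewer to check."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        key = re.match(r"crypto isakmp key \S+ address (\S+) netmask (\S+)$", line)
        pool = re.match(r"ip local pool \S+ (\S+) (\S+)$", line)
        if line == "ppp authentication pap":
            findings.append((n, "PAP: password protected only by the IPsec tunnel"))
        elif key and not all(valid_ipv4(a) for a in key.groups()):
            findings.append((n, "malformed address or netmask"))
        elif key and key.group(2) == "0.0.0.0":
            # A 0.0.0.0 netmask matches every peer, so one key is shared by all clients.
            findings.append((n, "IKE preshared key applies to any peer address"))
        elif pool and not all(valid_ipv4(a) for a in pool.groups()):
            findings.append((n, "malformed pool address"))
    return findings

if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```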
Configuring Remote Access VPNs for XAuth
Extended Authentication (XAuth) is an Internet Draft that permits user authentication after IKE Phase 1
authentication. XAuth prompts the user for a username and password, and the user credentials
are authenticated through an external RADIUS or LDAP server or the controller’s internal database.
Alternatively, the user can initiate client authentication using a smart card, which contains a digital certificate to
verify the client credentials. IKE Phase 1 authentication can be done with either an IKE preshared key or digital
certificates.
Configuring VPNs for XAuth Clients using Smart Cards
This section describes how to configure a remote access VPN on the controller for Cisco VPN XAuth clients
using smart cards. Smart cards contain a digital certificate, allowing user-level authentication without the user