User's guide

Release Notes Configuring VPN Inter-operability
Release 3.5 Enhanced Support for VPN Clients
Rel. 3.5 Release Notes Page 3 of 30
• Example 5: An ANG-1100 is connected to a Nortel, Cisco or
Nokia/Checkpoint router by a Peer to Peer tunnel.
Configuring VPN Inter-operability
Aurorean Release 3.5 provides seamless VPN inter-operability with Microsoft
Windows XP and Windows 2000 desktops, featuring support for the L2TP/IPSec
tunneling protocol, EAP and Microsoft's Certificate Authority (PKI). This
infrastructure permits a single user logon from a remote Windows XP/2000 workstation
through a VPN tunnel to the Aurorean Network Gateway, with authentication by a
RADIUS server (Microsoft's IAS) to the Active Directory. The Aurorean Release 3.5
VPN works just as effectively with 2-factor authentication (SecurID), digital
certificates and smart cards.
To configure Windows XP/2000 clients for VPN, consult Microsoft documentation at
the following URL: www.microsoft.com/vpn.
Configuring an ANG server to connect with a Windows XP client consists of
performing certificate enrollment and adding a Microsoft RADIUS plugin on the
APS-3000/7000. Instructions are described later in this document.
Certificate Enrollment on the APS Using Windows 2000 CA
To perform certificate enrollment on your APS, refer to Upgrading to Aurorean
Release 3.5 on page 4.
NOTE
To enroll in the Certificate Authority on the APS, if you have an Aurorean system
software release lower than 3.5, you must first upgrade Windows Internet
Explorer to Release 5.5. Refer to Installing Internet Explorer Version 5.5 on
APS-3000/7000 on page 5 for instructions.
Configuring the RADIUS Plugin
To configure the Microsoft RADIUS plugin on the APS, refer to Configuring the
RADIUS Plugin on page 3.
Caveats
The following combinations of protocol options that might be required by a
non-Windows VPN client are not supported in Release 3.5:
• L2TP is not supported without IPSec encryption. The ANG security policy
drops all L2TP packets not encrypted by IPSec.
• Since L2TP must be encrypted with IPSec, MPPE (the encryption protocol used
by PPTP) is not supported within L2TP.
• The PPP PAP authentication protocol is not supported. User authentication
must be MS-CHAP or EAP.
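
When a non-Windows client fails to connect, the third caveat can be checked by reading which authentication protocol appears in the PPP LCP Configure-Request. The following is an added example, not Aurorean code: the function names are hypothetical, the sample packets are constructed, and treating MS-CHAPv2 as covered by "MS-CHAP" is an assumption.

```python
import struct

# PPP LCP values from RFC 1661; CHAP algorithm bytes from RFC 1994, 2433, 2759.
CONFIGURE_REQUEST, OPT_AUTH = 1, 3
PAP, CHAP, EAP = 0xC023, 0xC223, 0xC227
CHAP_ALGS = {0x05: "CHAP-MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}
# Assumption: "MS-Chap" in the caveat covers both MS-CHAP and MS-CHAPv2.
ALLOWED = {"MS-CHAP", "MS-CHAPv2", "EAP"}


def proposed_auth(lcp: bytes) -> str:
    """Name the authentication protocol requested in an LCP Configure-Request."""
    if len(lcp) < 4:
        raise ValueError("truncated LCP header")
    code, _ident, length = struct.unpack("!BBH", lcp[:4])
    if code != CONFIGURE_REQUEST or not 4 <= length <= len(lcp):
        raise ValueError("not a well-formed Configure-Request")
    pos = 4
    while pos + 2 <= length:
        opt_type, opt_len = lcp[pos], lcp[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("malformed LCP option")
        data = lcp[pos + 2:pos + opt_len]
        if opt_type == OPT_AUTH and len(data) >= 2:
            proto = struct.unpack("!H", data[:2])[0]
            if proto == CHAP and len(data) >= 3:
                return CHAP_ALGS.get(data[2], "CHAP-unknown")
            return {PAP: "PAP", EAP: "EAP"}.get(proto, "unknown")
        pos += opt_len
    return "none"


def verdict(lcp: bytes) -> str:
    """Apply the caveat: only MS-CHAP or EAP may authenticate the PPP user."""
    auth = proposed_auth(lcp)
    return f"{auth}: {'accept' if auth in ALLOWED else 'reject'}"


def lcp_request(auth_data: bytes) -> bytes:
    """Build a constructed Configure-Request: MRU 1500 plus one auth option."""
    opts = bytes([1, 4, 0x05, 0xDC, OPT_AUTH, 2 + len(auth_data)]) + auth_data
    return struct.pack("!BBH", CONFIGURE_REQUEST, 1, 4 + len(opts)) + opts


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for auth_data in (b"\xc0\x23", b"\xc2\x23\x05", b"\xc2\x23\x81", b"\xc2\x27"):
        print(verdict(lcp_request(auth_data)))
```

Plain CHAP-MD5 is rejected here because the caveat names only MS-CHAP and EAP as acceptable.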