AirWave Wireless Management Suite | Configuration Guide    Aruba Configuration Reference | 145

Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued)

Field: Enable L2TP
Default: Yes
Description: Enable L2TP with this setting as desired.
The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec) is a highly secure technology that enables VPN connections across public networks such as the Internet. L2TP/IPSec provides both a logical transport mechanism on which to transmit PPP frames as well as tunneling or encapsulation so that the PPP frames can be sent across an IP network. L2TP/IPSec relies on the PPP connection process to perform user authentication and protocol configuration. With L2TP/IPSec, the user authentication process is encrypted using the Data Encryption Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPSec requires two levels of authentication:
- Computer-level authentication with a preshared key to create the IPSec security associations (SAs) to protect the L2TP-encapsulated data.
- User-level authentication through a PPP-based authentication protocol using passwords, SecurID, digital certificates, or smart cards after successful creation of the SAs.

Field: Send traffic to the direct network in clear
Default: No
Description: Use this setting if no encryption is to be used and packets passing between the wireless client and controller are to be in clear text.

Field: Disable wireless devices when client is wired
Default: No
Description: Use this setting to disable wireless clients when a wired device is known to be on the VPN.

Field: Enable SecurID New and Next Pin Mode
Default: No
Description: Use this setting to enable or disable SecurID PIN modes.
The SecurID authentication scheme authenticates the user on an RSA ACE/Server. When challenged, the user has to enter a password that is a combination of two numbers: a personal identification number (PIN), supplied by RSA, combined with a token code, which is the number displayed on the RSA SecurID authenticator.
New PIN mode is applied in cases where the authentication process requires additional verification of the PIN. In this case, the user is required to use a new PIN. The new PIN is derived from one of the following two sources, depending on the configuration of the RSA ACE/Server:
- The user is prompted to select and enter a new PIN.
- The server supplies the user with a new PIN.
The user is then required to re-authenticate with the new PIN. The use of the New PIN mode is optional and can be enabled or disabled.

Field: PPP Authentication Modes
Default: CHAP, MSCHAP, MSCHAPv2, PAP
Description: Use this section to select the authentication modes to be supported for PPP in the VPN. The following options are available:
- CHAP
- Cache SecurID Token
- MSCHAP
- MSCHAPv2
- PAP

Field: IKE Lifetime (300-85400 secs)
Default: 28800
Description: Specify the Internet Key Exchange (IKE) Lifetime in seconds. When this period of time expires, the IKE SA is replaced by a new SA or is terminated. The IKE SA specifies values for the IKE exchange: the authentication method used, the encryption and hash algorithms, the Diffie-Hellman group used, the lifetime of the IKE SA in seconds, and the shared secret key values for the encryption algorithms. The IKE SA in each peer is bi-directional.

Field: IKE Encryption
Default: 168-bit 3DES-CBC
Description: Select the Internet Key Exchange (IKE) encryption method from the following two options:
- 168-bit 3DES-CBC
- 56-bit DES-CBC
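
An added example, not taken from the AirWave guide: a Python audit that checks a VPN dialer profile against the options, range and defaults listed in the table and flags the weaker selectable choices. The dictionary keys and the `audit_vpn_dialer` function are hypothetical; the format in which AirWave stores these settings is not shown on this page.

```python
# Added example: key names and audit_vpn_dialer are hypothetical, not AirWave's format.
IKE_LIFETIME_RANGE = (300, 85400)      # seconds, the range given with the field name
IKE_ENCRYPTION = {"168-bit 3DES-CBC", "56-bit DES-CBC"}
PPP_MODES = {"CHAP", "Cache SecurID Token", "MSCHAP", "MSCHAPv2", "PAP"}
WEAK_PPP = {
    "PAP": "sends the password itself inside PPP, with no challenge-response",
    "MSCHAP": "MS-CHAP version 1; prefer MSCHAPv2",
}
# Values from the table's Default column.
TABLE_DEFAULTS = {
    "send_direct_traffic_in_clear": False,
    "ppp_auth_modes": ["CHAP", "MSCHAP", "MSCHAPv2", "PAP"],
    "ike_lifetime_secs": 28800,
    "ike_encryption": "168-bit 3DES-CBC",
}

def audit_vpn_dialer(cfg):
    """Return (level, field, message) tuples; level is 'error' or 'weak'."""
    cfg = {**TABLE_DEFAULTS, **cfg}    # unset fields fall back to the defaults
    findings = []
    lo, hi = IKE_LIFETIME_RANGE
    life = cfg["ike_lifetime_secs"]
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(life, bool) or not isinstance(life, int) or not lo <= life <= hi:
        findings.append(("error", "ike_lifetime_secs", f"must be an integer in {lo}-{hi}"))
    enc = cfg["ike_encryption"]
    if enc not in IKE_ENCRYPTION:
        findings.append(("error", "ike_encryption", f"unknown option {enc!r}"))
    elif enc == "56-bit DES-CBC":
        findings.append(("weak", "ike_encryption", "56-bit key; select 168-bit 3DES-CBC"))
    for mode in cfg["ppp_auth_modes"]:
        if mode not in PPP_MODES:
            findings.append(("error", "ppp_auth_modes", f"unknown mode {mode!r}"))
        elif mode in WEAK_PPP:
            findings.append(("weak", "ppp_auth_modes", f"{mode}: {WEAK_PPP[mode]}"))
    if cfg["send_direct_traffic_in_clear"]:
        findings.append(("weak", "send_direct_traffic_in_clear",
                         "client-to-controller packets are sent in clear text"))
    return findings

if __name__ == "__main__":
    # Constructed sample profile with several weak or invalid choices.
    sample = {"ike_encryption": "56-bit DES-CBC", "ike_lifetime_secs": 86400,
              "ppp_auth_modes": ["PAP", "MSCHAPv2"], "send_direct_traffic_in_clear": True}
    for finding in audit_vpn_dialer(sample):
        print(*finding, sep=" | ")
```

Run against an empty dictionary, the audit reports on the table's defaults alone, which shows that the default PPP mode list already includes MSCHAP and PAP.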