NOTE: A server-derived role, if present, takes precedence over the default user role.

You then specify the default user role and authentication server group in the VPN authentication default profile, as described in the following sections.

Selecting an IKE protocol

Controllers running ArubaOS version 6.1 and later support both IKEv1 and the newer IKEv2 protocol to establish IPsec tunnels. IKEv2 is simpler, faster, and a more reliable protocol than IKEv1, though both IKEv1 and IKEv2 support the same suite-B cryptographic algorithms.

If your IKE policy uses IKEv2, you should be aware of the following caveats when you configure your VPN:

ArubaOS does not support separate pre-shared keys for both directions of an exchange; the same pre-shared key must be used by both peers. ArubaOS does not support mixed authentication with both pre-shared keys and certificates; each authentication exchange requires a single authentication type. (For example, if a client authenticates with a pre-shared key, the controller must also authenticate with a pre-shared key.)

ArubaOS does not support IKEv2 mobility (MOBIKE), Authentication Headers (AH) or IP Payload Compression Protocol (IPComp).

Understanding Suite-B Encryption Licensing

Dell controllers support Suite-B cryptographic algorithms when the Advanced Cryptography (ACR) license is installed. Table 73 describes the Suite-B algorithms supported by ArubaOS IKE Policies and IPsec tunnels. For further details on configuring a VPN to use Suite-B algorithms, see "Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI" on page 279.

Table 73: Suite-B Algorithms Supported by the ACR License

IKE Policies

Suite-B for IPsec tunnels

hash: SHA-256-128, SHA-384-192

Encryption: AES-128-GCM, AES-256-GCM

 

 

Diffie-Hellman (DH) Groups: ECP-256, ECP-384

Perfect Forward Secrecy (PFS): ECP-256, ECP-384

 

 

Pseudo-Random Function (PRF): HMAC_SHA_256, HMAC_SHA_

384

 

Suite-B certificates: ECDSA-256, ECDSA-384

NOTE: IKE Suite-B AES-128-GCM and AES-256-GCM encryption is supported by the ArubaOS hardware. IKE Suite-B Diffie-Hellman and Certificate-based signature operations and hash, PFS, and PRF algorithm functions are performed by the ArubaOS software.

The following VPN clients support Suite-B algorithms when establishing an L2TP/IPsec VPN.

272 Virtual Private Networks

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Page 272
Image 272
Dell 6.2 Selecting an IKE protocol, Understanding Suite-B Encryption Licensing, IKE Policies Suite-B for IPsec tunnels

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.