2. Enable authentication methods for IKEv2 clients:

(host)(config) #crypto isakmp eap-passthrough {eap-mschapv2|eap-peap|eap-tls}

3. Create address pools:

(host)(config) #ip local pool <pool> <start-ipaddr> <end-ipaddr>

4. Configure source NAT:

(host)(config) #ip access-list session srcnat user any any src-nat pool <pool> position 1

5. If you are configuring a VPN to support machine authentication using certificates, define server certificates for VPN clients using IKEv2:

(host)(config) #crypto-local isakmp server-certificate <cert>

6. Define IKEv2 policies:

(host)(config) #crypto isakmp policy <priority> encryption {3des|aes128|aes192|aes256|des} version v2
   authentication {pre-share|rsa-sig|ecdsa-256|ecdsa-384} group {1|2|19|20}
   hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}
   prf {PRF-HMAC-MD5|PRF-HMAC-SHA1|PRF-HMAC-SHA256|PRF-HMAC-SHA384} lifetime <seconds>

7. Define IPsec tunnel parameters:

(host)(config) #crypto ipsec mtu <max-mtu>
   transform-set <transform-set-name> {esp-3des|esp-aes128|esp-aes128-gcm|esp-aes192|esp-aes256|esp-aes256-gcm|esp-des} {esp-md5-hmac|esp-null-mac|esp-sha-hmac}
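
The policy syntax in step 6 still accepts options that are weak by current standards: des, 3des, md5, PRF-HMAC-MD5, and Diffie-Hellman groups 1 and 2 (768-bit and 1024-bit MODP). The Python script below is an added example, not part of the Dell/Aruba guide; it audits saved "crypto isakmp policy" stanzas for those options. The stanza layout, pool name and addresses in SAMPLE are constructed for illustration.

```python
# Weak choices among the options listed in step 6 (keyword -> flagged values).
WEAK = {
    "encryption": {"des", "3des"},
    "hash": {"md5"},
    "prf": {"prf-hmac-md5"},
    "group": {"1", "2"},
}
KEYWORDS = {"encryption", "version", "authentication", "group", "hash", "prf", "lifetime"}

# Constructed sample configuration (assumed layout: header line plus indented lines).
SAMPLE = """\
crypto isakmp policy 10 encryption aes256 version v2
  authentication rsa-sig group 19
  hash sha2-256-128
  prf PRF-HMAC-SHA256 lifetime 28800
!
crypto isakmp policy 20 encryption 3des version v2
  authentication pre-share group 2
  hash md5
  prf PRF-HMAC-MD5
ip local pool vpnpool 192.0.2.10 192.0.2.50
"""

def parse_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy' stanza."""
    policies, current = {}, None
    for line in config.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] == "!":
            continue
        if tokens[:3] == ["crypto", "isakmp", "policy"] and len(tokens) > 3:
            current = policies.setdefault(tokens[3], {})
            tokens = tokens[4:]
        elif not line[0].isspace():
            current = None  # any other top-level command ends the stanza
            continue
        if current is None:
            continue
        # keyword/value pairs may share the header line or sit on indented lines
        for key, value in zip(tokens[::2], tokens[1::2]):
            if key.lower() in KEYWORDS:
                current[key.lower()] = value.lower()
    return policies

def audit(config):
    """Return sorted (priority, keyword, value) findings for weak policy options."""
    return sorted((prio, key, opts[key])
                  for prio, opts in parse_policies(config).items()
                  for key, bad in WEAK.items() if opts.get(key) in bad)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("policy %s: weak %s '%s'" % finding)
```
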

Configuring a VPN for Smart Card Clients

This section describes how to configure a remote access VPN on the controller for Microsoft L2TP/IPsec clients with smart cards. (A smart card contains a digital certificate which allows user-level authentication without the user entering a username and password.) As described previously in this chapter, L2TP/IPsec requires two levels of authentication: first, IKE SA (machine) authentication, and then user-level authentication with an IKEv2 or PPP-based authentication protocol.

Microsoft clients running Windows 7 (or later versions) support both IKEv1 and IKEv2. Microsoft clients using IKEv2 support machine authentication using RSA certificates (but not ECDSA certificates or pre-shared keys) and smart card user-level authentication with EAP-TLS over IKEv2.

NOTE: Windows 7 clients without smart cards also support user password authentication using EAP-MSCHAPv2 or PEAP-MSCHAPv2.

Working with Smart Card clients using IKEv2

To configure a VPN for Windows 7 clients using smart cards and IKEv2, follow the procedure described in "Configuring a VPN for L2TP/IPsec with IKEv2 in the WebUI" on page 279, and ensure that the following settings are configured:

L2TP is enabled.

User Authentication is set to EAP-TLS.

IKE version is set to V2.

The IKE policy is configured for ECDSA or RSA certificate authentication.

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Virtual Private Networks 283
