
Alcatel-Lucent AOS-W 6.5.3.x - Virtual Private Networks; Planning a VPN Configuration

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
AOS-W 6.5.3.x | User Guide Virtual Private Networks | 346
Chapter 15
Virtual Private Networks
Wireless networks can use virtual private network (VPN) connections to further secure wireless data from
attackers. The Alcatel-Lucent switch can be used as a VPN concentrator that terminates all VPN connections
from both wired and wireless clients.
This chapter describes the following topics:
- Planning a VPN Configuration on page 346
- Working with VPN Authentication Profiles on page 350
- Configuring a Basic VPN for L2TP/IPsec on page 352
- Configuring a VPN for L2TP/IPsec with IKEv2 on page 356
- Configuring a VPN for Smart Card Clients on page 361
- Configuring a VPN for Clients with User Passwords on page 362
- Configuring Remote Access VPNs for XAuth on page 363
- Working with Remote Access VPNs for PPTP on page 364
- Working with Site-to-Site VPNs on page 365
- Working with VPN Dialer on page 373
Planning a VPN Configuration
You can configure the switch for the following types of VPNs:
- Remote access VPNs: These VPNs allow hosts such as telecommuters or traveling employees to connect
  to private networks (e.g. a corporate network) over the Internet. Each host must run VPN client software,
  which encapsulates and encrypts traffic, then sends it to a VPN gateway at the destination network. The
  switch supports the following remote access VPN protocols:
  - Layer-2 Tunneling Protocol over IPsec (L2TP/IPsec)
  - Point-to-Point Tunneling Protocol (PPTP)
  - XAUTH IKE/IPsec
  - IKEv2 with Certificates
  - IKEv2 with EAP
- Site-to-site VPNs: Site-to-site VPNs allow networks, like branch office networks, to connect to other
  networks like a corporate network. Unlike a remote access VPN, hosts in a site-to-site VPN do not run VPN
  client software. All traffic for the other network is sent and received through a VPN gateway, which
  encapsulates and encrypts the traffic.
Before enabling VPN authentication, you must configure the following:
- The default user role for authenticated VPN clients. See Roles and Policies on page 375 for information
  about configuring user roles.
- The authentication server group used by the switch to validate clients. See Authentication Servers on page
  178 for configuration details.
A server-derived role, if present, takes precedence over the default user role.
