
Alcatel-Lucent AOS-W 6.5.3.x - Page 349

1160 pages
349| Virtual Private Networks AOS-W 6.5.3.x| User Guide
In the CLI
To enable this feature on the switch, execute the following command:
(host) (config) #crypto-local isakmp allow-via-subnet-routes
To disable the feature on the switch, execute the following command:
(host) (config) #no crypto-local isakmp allow-via-subnet-routes
Verifying Support for AOS-W VIA-Published Subnets
To verify whether the switch is configured to accept subnet routes from AOS-W VIA clients, execute the following
command:
(host) #show crypto-local isakmp allow-via-subnet-routes
Controller will accept subnet routes from via client
Limitations
The following limitations apply to the CFG_SET support feature for switches:
- This feature supports only IPv4.
- This feature is only applicable with IKEv2.
For details about how to configure and run AOS-W VIA on the Linux platform, refer to the AOS-W VIA 2.3.1 Linux
Edition Release Notes.
Understanding Supported VPN AAA Deployments
If you want to simultaneously deploy various combinations of a VPN client, RAP-psk, RAP-certs, and CAP on the
same switch, see Table 83.
Each row in this table specifies the allowed combinations of AAA servers for simultaneous deployment.
Configuration rules include the following:
- RAP-certs can only use LocalDB-AP.
- An RAP-psk and RAP-cert can only terminate on the same switch if the RAP VPN profile’s AAA server uses
  Local-db.
- If an RAP-psk is using an external AAA server, the RAP-cert cannot be terminated on the same switch.
- Clients can use any type of AAA server, regardless of the RAP/CAP authentication configuration server.
VPN Client              RAP psk                 RAP certs       CAP
----------------------  ----------------------  --------------  ---------------
External AAA server 1   LocalDB                 LocalDB-AP      CPSEC-whitelist
External AAA server 1   External AAA server 1   Not supported   CPSEC-whitelist
External AAA server 1   External AAA server 2   Not supported   CPSEC-whitelist
LocalDB                 LocalDB                 LocalDB-AP      CPSEC-whitelist
LocalDB                 External AAA server 1   Not supported   CPSEC-whitelist

Table 83: Supported VPN AAA Deployments
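
The configuration rules above fully determine the RAP certs column of Table 83. The following check is an added example, not part of the AOS-W documentation or software: it encodes the rules, confirms they reproduce every row of the table, and applies them to a planned deployment. The function names and the plan format are hypothetical.

```python
# Added example (not from the AOS-W User Guide): validate a planned AAA
# combination against the configuration rules and Table 83 on this page.
LOCALDB = "LocalDB"
LOCALDB_AP = "LocalDB-AP"
CPSEC = "CPSEC-whitelist"
NOT_SUPPORTED = "Not supported"

# Table 83 as printed: (VPN client, RAP psk, RAP certs, CAP)
TABLE_83 = [
    ("External AAA server 1", LOCALDB, LOCALDB_AP, CPSEC),
    ("External AAA server 1", "External AAA server 1", NOT_SUPPORTED, CPSEC),
    ("External AAA server 1", "External AAA server 2", NOT_SUPPORTED, CPSEC),
    (LOCALDB, LOCALDB, LOCALDB_AP, CPSEC),
    (LOCALDB, "External AAA server 1", NOT_SUPPORTED, CPSEC),
]

def rap_certs_allowed(rap_psk_server):
    """RAP-certs can share the switch only when RAP-psk uses the local DB."""
    return LOCALDB_AP if rap_psk_server == LOCALDB else NOT_SUPPORTED

def table_matches_rules():
    """True if the rules reproduce the RAP certs column of every table row."""
    return all(rap_certs_allowed(psk) == certs for _, psk, certs, _ in TABLE_83)

def check_plan(vpn_client, rap_psk=None, rap_certs=None, cap=CPSEC):
    """Return rule violations for a plan; None means that AP type is not deployed.

    vpn_client is accepted but never constrained: clients can use any AAA server.
    """
    problems = []
    if rap_certs is not None:
        if rap_certs != LOCALDB_AP:
            problems.append("RAP-certs can only use LocalDB-AP")
        if rap_psk not in (None, LOCALDB):
            problems.append("RAP-psk uses an external AAA server, so RAP-certs "
                            "cannot terminate on the same switch")
    if cap != CPSEC:
        problems.append("every supported row of Table 83 uses CPSEC-whitelist for CAP")
    return problems

if __name__ == "__main__":
    print("rules reproduce Table 83:", table_matches_rules())
    # Constructed plan: external RAP-psk server together with RAP-certs.
    for p in check_plan(LOCALDB, "External AAA server 1", LOCALDB_AP):
        print("violation:", p)
```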
Working with Certificate Groups
The certificate group feature allows you to access multiple types of certificates on the same switch. To create a
certificate group, use the following command:
