353| Virtual Private Networks AOS-W 6.5.3.x| User Guide
• Extensible Authentication Protocol (EAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Microsoft Challenge Handshake Authentication Protocol (MSCHAP)
• Microsoft Challenge Handshake Authentication Protocol version 2 (MSCHAPv2)
5. Configure the IP addresses of the primary and secondary Domain Name System (DNS) servers and the
primary and secondary Windows Internet Naming Service (WINS) Server that are pushed to the VPN client.
Defining Address Pools
Next, define the pool from which the clients are assigned addresses:
1. In the Address Pools section of the IPSEC tab, click Add to open the Add Address Pool page.
2. Specify the pool name, start address, and end address.
3. Click Done.
RADIUS Framed-IP-Address for VPN Clients
IP addresses are usually assigned to VPN clients from configured local address pools. However, the
Framed-IP-Address attribute that is returned from a RADIUS server can be used to assign the IP address.
VPN clients use different mechanisms to establish VPN connections with the switch, such as IKEv1, IKEv2, EAP,
or a user certificate. Regardless of how the RADIUS server is contacted for authentication, the client is
assigned the IP address in the Framed-IP-Address attribute as long as the RADIUS server returns the attribute.
The Framed-IP-Address value always has a higher priority than the local address pool.
Enabling Source NAT
In the Source NAT section of the IPSEC tab, select Enable Source NAT if the IP addresses of clients must be
translated to access the network. If source NAT is enabled, click the NAT pool drop-down list and select an
existing NAT pool. To create a new NAT pool:
1. Navigate to Configuration > Network > IP > NAT Pools.
2. Click Add.
3. In the Pool Name field, enter a name for the new NAT pool, up to 63 alphanumeric characters.
4. In the Start IP address field, enter the dotted-decimal IP address that defines the beginning of the range
of source NAT addresses in the pool.
5. In the End IP address field, enter the dotted-decimal IP address that defines the end of the range of source
NAT addresses in the pool.
6. In the Destination NAT IP Address field, enter the destination NAT IP address in dotted-decimal format.
If you do not enter an address into this field, the NAT pool will use the destination NAT IP 0.0.0.0.
7. Click Done.
8. Navigate to Configuration > Advanced Services > VPN Services and click the IPSEC tab to return to the
IPsec window.
9. Click the NAT Pool drop-down list and select the NAT pool you just created.
Selecting Certificates
If you are configuring a VPN to support machine authentication using certificates, define the IKE Server
certificates for VPN clients using IKE. Note that these certificates must be imported into the switch, as
described in Management Access on page 833.
1. Select the server certificate for client machines using IKE by clicking the IKE Server Certificate drop-down
list and selecting an available certificate name.