Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

2. If you are configuring a VPN to support clients using certificates, you must also assign one or more trusted

CA certificates to VPN clients.

a. Under CA Certificate Assigned for VPN-clients, click Add.

b. Select a CA certificate from the drop-down list of CA certificates imported in the switch.

c. Click Done.

d. Repeat the above steps to add additional CA certificates.

Defining IKEv1 Shared Keys

If you are configuring a VPN to support IKEv1 and clients using pre-shared keys, you can configure a global IKE

key or IKE key for each subnet. Make sure that this key matches the key on the client.

1. In the IKE Shared Secrets section of the IPsec tab, click Add to open the Add IKE Secret page.

2. Enter the subnet and subnet mask. To make the IKE key global, specify 0.0.0.0 for both values.

3. Enter the IKE Shared Secret and Verify IKE Shared Secret.

4. Click Done.

Configuring IKE Policies

AOS-W contains several predefined default IKE policies, as described in Table 85. If you do not want to use any

of these predefined policies, you can use the procedures below to edit an existing policy or create your own

custom IKE policy instead.

The IKE policy selections, along with any preshared key, must be reflected in the VPN client configuration. When using

a third-party VPN client, set the VPN configuration on clients to match the choices made above. In case the Alcatel-

Lucent dialer is used, these configurations must be made on the dialer prior to downloading the dialer onto the local

client.

1. Scroll down to the IKE Policies section of the IPSEC tab, then click Edit to edit an existing policy or click Add

to create a new policy.

2. Enter a number into the Priority field to set the priority for this policy. Enter a priority of 1 for the

configuration to take priority over the Default setting.

3. Select the IKE version. Click the Version drop-down list and select V1 for IKEv1 or V2 for IKEv2.

4. Set the Encryption type. Click the Encryption drop-down list and select one of the following encryption

types:

n DES

n 3DES

n AES128

n AES192

n AES256

5. Set the HASH function. Click the Hash drop-down list and select one of the following hash types:

n MD5

n SHA

n SHA1-96

n SHA2-256-128

n SHA2-384-192

6. AOS-W VPNs support client authentication using pre-shared keys, RSA digital certificates, or Elliptic Curve

Digital Signature Algorithm (ECDSA) certificates. To set the authentication type for the IKE rule, click the

Authentication drop-down list and select one of the following:

AOS-W 6.5.3.x | User Guide Virtual Private Networks | 354

Alcatel-Lucent AOS-W 6.5.3.x - Page 354