
Alcatel-Lucent AOS-W 6.5.3.x - Configuring a VPN for Clients with User Passwords

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
• Select Enable L2TP.
• Select EAP for the Authentication Protocol.
• Define an IKE Shared Secret to be used for machine authentication. (To make the IKE key global, specify 0.0.0.0 and 0.0.0.0 for both subnet and subnet mask.)
• Configure the IKE policy for Pre-Share authentication.
Configuring a VPN for Clients with User Passwords
This section describes how to configure a remote access VPN on the switch for L2TP/IPsec clients with user
passwords. As described earlier, L2TP/IPsec requires two levels of authentication: IKE SA authentication and
user-level authentication with the PAP authentication protocol. IKE SA is authenticated with a preshared key,
which you must configure as an IKE shared secret on the switch. User-level authentication is performed by the
switch’s internal database.
On the switch, you must configure the following:
■ AAA database entries for usernames and passwords
■ VPN authentication profile, which defines the internal server group and the default role assigned to authenticated clients
■ L2TP/IPsec VPN with PAP as the PPP authentication (IKEv1 only).
■ (For IKEv1 clients) An IKE policy for preshared key authentication of the SA.
■ (For IKEv2 clients) A server certificate to authenticate the switch to clients, and a CA certificate to authenticate VPN clients.
In the WebUI
Use the following procedure to configure L2TP/IPsec VPN for username/password clients through the WebUI:
1. Navigate to the Configuration > Security > Authentication > Servers page.
   a. Select Internal DB to view entries for the internal database.
   b. Click Add User.
   c. Enter the username and password information for the client.
   d. Click Enabled to activate this entry on creation.
   e. Click Apply.
2. Navigate to the Configuration > Security > Authentication > L3 Authentication window.
   a. Under the VPN Authentication profile, select Default > Server Group.
   b. Select the internal server group from the Server Group drop-down menu.
   c. Click Apply.
3. Navigate to the Configuration > Advanced Services > VPN Services > IPsec window.
   a. Select Enable L2TP (this is enabled by default).
   b. Select PAP for Authentication Protocols.
4. Configure other VPN settings as described in Configuring a VPN for L2TP/IPsec with IKEv2 on page 356, while ensuring that the following settings are selected:
   ■ In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPsec tab, enable L2TP.
   ■ In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPsec tab, select PAP as the authentication protocol.
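A configuration review can confirm that the settings selected in this procedure are actually in place, including whether the IKE shared secret is global. The following Python check is an added example, not part of the Alcatel-Lucent guide; the CLI syntax in the sample configuration is an assumption about how these WebUI settings appear in the switch configuration, and the key and role name are constructed placeholders.

```python
import re

# Constructed sample. The command syntax is an assumption about the AOS-W CLI
# (it is not shown on this page); the key and role name are placeholders.
SAMPLE_CONFIG = """\
aaa authentication vpn "default"
   server-group "internal"
   default-role "example-vpn-role"
!
vpdn group l2tp
   enable
   ppp authentication PAP
!
crypto isakmp key "EXAMPLE-PSK" address 0.0.0.0 netmask 0.0.0.0
crypto isakmp policy 10
   authentication pre-share
!
"""

def parse_blocks(text):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(line.lower())
        else:
            current = line.lower()
            blocks.setdefault(current, [])
    return blocks

def audit_l2tp_password_vpn(text):
    """Return {check: bool} for the settings this section tells you to select."""
    blocks = parse_blocks(text)
    def subs(prefix):  # sub-commands of every block whose header starts with prefix
        return [s for head, kids in blocks.items() if head.startswith(prefix) for s in kids]
    psk = [re.search(r"address (\S+) netmask (\S+)", h)
           for h in blocks if h.startswith("crypto isakmp key")]
    return {
        "l2tp_enabled": "enable" in subs("vpdn group l2tp"),
        "ppp_auth_is_pap": "ppp authentication pap" in subs("vpdn group l2tp"),
        "vpn_profile_uses_internal": any(
            s.replace('"', "") == "server-group internal" for s in subs("aaa authentication vpn")),
        "ike_psk_defined": any(psk),
        "ike_psk_is_global": any(m and m.groups() == ("0.0.0.0", "0.0.0.0") for m in psk),
        "ike_policy_pre_share": "authentication pre-share" in subs("crypto isakmp policy"),
    }
```

Calling `audit_l2tp_password_vpn()` on a saved configuration returns one boolean per setting, so a mismatch with this procedure (for example, a different PPP authentication protocol) shows up as a single `False` entry.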
AOS-W 6.5.3.x | User Guide Virtual Private Networks | 362
