
Alcatel-Lucent AOS-W 6.5.3.x - Working with Remote Access VPNs for PPTP

6. Configure other VPNsettings as described in Configuring a VPN for L2TP/IPsec with IKEv2 on page 356,
while ensuring that the following settings are selected:
n In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab,
enable L2TP.
n In the L2TP and XAUTH Parameters section of the Configuration > VPN Services> IPSEC tab,
enable XAuth to enable prompting for the username and password.
n Define an IKE policy to use RSA or ECDSA authentication.
Configuring a VPN for XAuth Clients Using a Username and Password
This section describes how to configure a remote access VPN on the switch for Cisco VPN XAuth clients using
passwords. IKE Phase 1 authentication is done with an IKE preshared key; users are then prompted to enter
their username and password, which are verified against the internal database on the switch.
On the switch, you must configure the following:
1. Add entries for Cisco VPN XAuth clients to the switch’s internal database. For details on configuring an
authentication server, see Authentication Servers on page 178.
For each client, you need to create an entry in the internal database with the entire Principal name (SubjectAltName
in X.509 certificates) or Common Name as it appears on the certificate.
2. Verify that the server with the client data is part of the server group associated with the VPN authentication
profile.
3. Configure other VPN settings as described in Configuring a VPN for L2TP/IPsec with IKEv2 on page 356,
while ensuring that the following settings are selected:
   - In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab,
     enable L2TP.
   - In the L2TP and XAUTH Parameters section of the Configuration > VPN Services > IPSEC tab,
     enable XAuth to enable prompting for the username and password.
   - The IKE policy must use pre-shared authentication.
Working with Remote Access VPNs for PPTP
Point-to-Point Tunneling Protocol (PPTP) is an alternative to L2TP/IPsec. Like L2TP/IPsec, PPTP provides a
logical transport mechanism using tunneling or encapsulation to send PPP frames across an IP network. PPTP
relies on the PPP connection process to perform user authentication and protocol configuration.
With PPTP, data encryption begins after the PPP authentication and connection process is completed. PPTP
connections are encrypted through Microsoft Point-to-Point Encryption (MPPE), which uses the
Rivest-Shamir-Adleman (RSA) RC-4 encryption algorithm. PPTP connections require user-level authentication
through a PPP-based authentication protocol (MSCHAPv2 is the currently supported method).
In the WebUI
1. Navigate to the Configuration > Advanced Services > VPN Services > PPTP page.
2. To enable PPTP, select Enable PPTP.
3. Select either MSCHAP or MSCHAPv2 as the authentication protocol.
4. Configure IP addresses of the primary and secondary DNS servers.
5. Configure the primary and secondary WINS Server IP addresses that are pushed to the VPN Dialer.
6. Configure the VPN Address Pool.
a. Click Add. The Add Address Pool window displays.
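
The same PPTP settings expressed in the switch CLI, as an added example that is not taken from this page: it assumes the AOS-W `vpdn group pptp` and `pptp ip local pool` commands, and the pool name and every IP address are constructed placeholders.

```text
! Added example: the pool name "pptp-pool" and all addresses are constructed placeholders.
configure terminal
! Steps 2-3: enable PPTP and select MSCHAPv2 as the PPP authentication protocol.
vpdn group pptp
   enable
   ppp authentication mschapv2
! Steps 4-5: primary and secondary DNS and WINS servers pushed to the VPN dialer.
   client configuration dns 10.1.1.2 10.1.1.3
   client configuration wins 10.1.1.4 10.1.1.5
   exit
! Step 6: address pool from which PPTP clients receive their tunnel addresses.
pptp ip local pool pptp-pool 10.1.10.1 10.1.10.254
```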