IPsec VPN Server Configuration
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Step 4: To enable IPsec VPN client authentication, enable AAA services and
specify the authentication method list. A method list defines the
authentication methods, and the sequence in which they are queried, used to
authenticate a user against the authentication server.
ALU(config)# aaa services
ALU(config)# aaa server-group radius <name>
ALU(config-rad-grp)# radius-server <ip-address> key <string>
ALU(config-rad-grp)# exit
ALU(config)# aaa method-list <name> <methods>...
ALU(config)# aaa authentication remotelogin <method-list-name>
Example:
ALU(config)# aaa services
ALU(config)# aaa server-group radius rad1
ALU(config-rad1-grp)# radius-server 10.0.0.254 key admin
ALU(config-rad1-grp)# exit
ALU(config)# aaa method-list m1 rad1
ALU(config)# aaa authentication remotelogin m1
Note: For IPsec VPN client authentication, the AAA server-group should be a RADIUS
server-group and the method list should have the client type ‘remotelogin’.
The above AAA CLI commands are the minimum and mandatory steps to enable
client authentication.
For more details on AAA configuration commands, refer to the “System
Configuration and Monitoring” chapter in this guide.
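One way to check a saved configuration against the mandatory AAA steps above, added here as an example (not code from this guide or from Alcatel-Lucent). It assumes the methods in a method list are server-group names, as in the guide's example, and the 16-character minimum key length is an assumed local policy, not a product requirement.

```python
import re

MIN_KEY_LEN = 16  # assumed local policy, not a value from the guide

# The example from the section above, with the wrapped line joined.
PAGE_EXAMPLE = """\
ALU(config)# aaa services
ALU(config)# aaa server-group radius rad1
ALU(config-rad1-grp)# radius-server 10.0.0.254 key admin
ALU(config-rad1-grp)# exit
ALU(config)# aaa method-list m1 rad1
ALU(config)# aaa authentication remotelogin m1
"""

def check_aaa(config):
    """Return findings for the remotelogin AAA chain; empty list means complete."""
    services, remotelogin, current = False, None, None
    groups, method_lists = {}, {}  # group -> [(ip, key)], list name -> [methods]
    for raw in config.splitlines():
        # Strip a pasted "ALU(config...)# " prompt, then tokenize the command.
        tok = re.sub(r"^\s*\S+\(config[^)]*\)#\s*", "", raw).split()
        if tok == ["aaa", "services"]:
            services = True
        elif tok[:3] == ["aaa", "server-group", "radius"] and len(tok) == 4:
            current = tok[3]
            groups.setdefault(current, [])
        elif tok[:1] == ["radius-server"] and current and len(tok) == 4 and tok[2] == "key":
            groups[current].append((tok[1], tok[3]))
        elif tok == ["exit"]:
            current = None
        elif tok[:2] == ["aaa", "method-list"] and len(tok) >= 4:
            method_lists[tok[2]] = tok[3:]
        elif tok[:3] == ["aaa", "authentication", "remotelogin"] and len(tok) == 4:
            remotelogin = tok[3]
    findings = []
    if not services:
        findings.append("aaa services not enabled")
    if remotelogin not in method_lists:
        findings.append("remotelogin is not bound to a defined method list")
        return findings
    radius = [m for m in method_lists[remotelogin] if m in groups]
    if not radius:
        findings.append(f"method list {remotelogin} names no radius server-group")
    for g in radius:
        if not groups[g]:
            findings.append(f"server-group {g} has no radius-server entry")
        for ip, key in groups[g]:
            if len(key) < MIN_KEY_LEN:
                findings.append(f"server-group {g}: key for {ip} under {MIN_KEY_LEN} chars")
    return findings
```

Run against the guide's example, `check_aaa(PAGE_EXAMPLE)` reports a complete chain with one finding: the RADIUS shared secret `admin` is below the assumed minimum length.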
Crypto Client Profile configuration
The following IPsec configuration is a prerequisite for a client profile. These
settings are mandatory for the IPsec VPN Server to function.
The configurations for all these parameters (Pre-shared Key, IKE policy,
Transform Set) are already given in the earlier sections of the document; hence
they are not repeated in this section. Use the links to see the specific commands.
• Configure pre-shared key. See “IPsec Configuration with Preshared Key”
Note: While configuring Pre-shared key for a client profile, the peer address should always
be 0.0.0.0.