146 | Aruba Configuration Reference AirWave Wireless Management Suite | Configuration Guide
Click Add to finish the new VPN Dialers profile, or click Save to complete the editing of an existing profile.
You return to the
VPN Dialers page. The new profile appears below the Add New VPN Dialer button.
Security > Policies
The Security > Policies page displays all currently configured policies, to include the policy name, type, and
cites the groups, user roles, and folders to which the security policy applies. To create a new policy, click
the
Add New Policy button. To edit an existing policy, click the pencil icon.
The
Security > Policy > Add New Policy page contains the following fields, as described in Table 59:
IKE Diffie-Hellman
Group
1024-bit (1) Select the IPSEC Mode Group that matches the Diffie Hellman Group
configured for the IPSEC policy. The two options are as follows:
z 1024-bit
z 768-bit
The IKE policy selections, along with the preshared key, need to be reflected
in the VPN configuration. Set the VPN configuration on clients to match the
choices made above. In case the Aruba dialer is used, these configuration
need to be made on the dialer prior to downloading the dialer onto the local
client.
IKE Hash
Algorithm
SHA Set the IKE Hash Algorithm to either SHA or MD5, to match the IKE policy for
IPSEC.
IKE Authentication Pre-Shared IKE Phase 1 authentication can be done with either an IKE preshared key or
digital certificates. This establishes how the client is authenticated with the
internal database on the controller.
The options are Pre-Shared Keys or RSA Signatures.
IPSEC Lifetime 7200 Define the IPSEC lifetime in seconds, after which a new IPSEC key is
required.
IPSEC Diffie
Hellman Group
1024-bit (1) Select the IPSEC Mode Group that matches the Diffie Hellman Group
configured for the IKE policy. The two options are as follows:
z 1024-bit
z 768-bit
The IPSEC policy selections, along with the preshared key, need to be
reflected in the VPN configuration. Set the VPN configuration on clients to
match the choices made above. In case the Aruba dialer is used, these
configuration need to be made on the dialer prior to downloading the dialer
onto the local client.
IPSEC Encryption 168-bit 3DES Specify the type of IPSEC encryption to support for the VPN. Options are as
follows:
z Encapsulating Security Payload (ESP) with 168-bit 3DES
z ESP with 56-bit DES
IPSEC Hash
Algorithm
SHA Set the IKE Hash Algorithm to either SHA or MD5, to match the IKE policy for
IKE Hash Algorithm.
Table 59 Security > Policy > Add New Policy Field Descriptions
Field Description
General Settings
Folder Top Use this field to set and display the folder with which the policy is
associated. The drop-down menu displays all folders available for
association with the policy.
Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued)
Field Default Description
To Next Page
Loading...
Need help?
General
