The default and default-rap profiles are configurable


The default and default-rap profiles are configurable, but the default-cap profile cannot be edited.

| Parameter | default | default-rap | default-cap |
|---|---|---|---|
| Default Role for authenticated users | default-vpn-role | default-vpn-role | sys-ap-role |
| Maximum allowed authentication failures (The number of contiguous authentication failures before the station is blacklisted.) | 0 (feature is disabled) | 0 (feature is disabled) | 0 (feature is disabled) |
| Check certificate common name against AAA server | disabled | enabled | enabled |
| Authentication server group | internal | | |

Table 46: Predefined Authentication Profile settings

To edit the default VPN authentication profile:

1. Navigate to the Configuration > Security > Authentication > L3 Authentication page.
2. In the Profiles list in the left window pane, select the default VPN Authentication Profile.
3. Click the Default Role drop-down list and select the default user role for authenticated VPN users. (For detailed information on creating and managing user roles and policies, see Roles and Policies on page 295.)
4. (Optional) If you use client certificates for user authentication, select the Check certificate common name against AAA server checkbox to verify that the certificate's common name exists in the server. This parameter is enabled by default in the default-cap and default-rap VPN profiles, and disabled by default on all other VPN profiles.
5. (Optional) Set Max Authentication failures to an integer value (the default value is 0, which disables this feature).
6. Click Apply.
7. In the Default profile menu in the left window pane, select Server Group.
8. From the Server Group drop-down list, select the server group to be used for VPN authentication.
9. Click Apply.
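The following Python check is an added example, not part of the original guide. It reads exported aaa authentication vpn profile blocks and reports the profiles in which blacklisting after repeated failures is disabled or the certificate common name is not checked, applying the defaults from Table 46 when a setting is absent. The block layout of the sample, the "no" prefix for a disabled option and the contractors profile are assumptions made for illustration.

```python
import re

# Constructed sample; the block layout and the "no" prefix are assumptions.
SAMPLE_CONFIG = '''\
aaa authentication vpn "default"
   server-group "internal"
!
aaa authentication vpn "default-rap"
   max-authentication-failure 5
!
aaa authentication vpn "contractors"
   cert-cn-lookup
   max-authentication-failure 0
!
'''

CN_LOOKUP_DEFAULT_ON = {"default-rap", "default-cap"}  # per Table 46 / step 4
HEADER = re.compile(r'^aaa authentication vpn "?([^"\s]+)"?\s*$')

def parse_profiles(text):
    """Return {profile: settings}; unset values take the defaults the page lists."""
    profiles, current = {}, None
    for raw in text.splitlines():
        words, m = raw.split(), HEADER.match(raw)
        if m:
            current = profiles.setdefault(m.group(1), {
                "cn_lookup": m.group(1) in CN_LOOKUP_DEFAULT_ON, "max_fail": 0})
        elif words and not raw[0].isspace():
            current = None  # "!" or any other top-level line closes the block
        elif words and current is not None:
            negated = words[0] == "no"
            opts = words[1:] if negated else words
            if opts[:1] == ["cert-cn-lookup"]:
                current["cn_lookup"] = not negated
            elif len(opts) == 2 and opts[0] == "max-authentication-failure":
                current["max_fail"] = 0 if negated else int(opts[1])
    return profiles

def audit(text):
    """Return (profile, parameter) pairs that deserve review."""
    findings = []
    for name, p in sorted(parse_profiles(text).items()):
        if p["max_fail"] == 0:  # repeated failures never blacklist the station
            findings.append((name, "max-authentication-failure"))
        if not p["cn_lookup"]:  # certificate CN not checked against the AAA server
            findings.append((name, "cert-cn-lookup"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```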
To configure VPN authentication via the command-line interface, access the CLI in config mode and issue the following commands:

    (host)(config) #aaa authentication vpn default
       cert-cn-lookup
       clone
       default-role <role>
       max-authentication-failure <number>
       server-group <name>

Configuring a Basic VPN for L2TP/IPsec in the WebUI

The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPsec) is a highly-secure technology that enables VPN connections across public networks such as the Internet. L2TP/IPsec provides both a logical transport mechanism on which to transmit PPP frames as well as tunneling or encapsulation so that the PPP frames can be sent across an IP network. L2TP/IPsec relies on the PPP connection process to perform user authentication and protocol configuration. With L2TP/IPsec, the user authentication process is encrypted using the Data Encryption Standard (DES) or Triple DES (3DES) algorithm.

L2TP/IPsec using IKEv1 requires two levels of authentication:

  • Computer-level authentication with a preshared key to create the IPsec security associations (SAs) to protect the L2TP-encapsulated data.