Dell PowerConnect W-Airwave Configuration Manual page 145

Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued)
Field
Enable L2TP
Send traffic to the
direct network in
clear
Disable wireless
devices when
client is wired
Enable SecurID
New and Next Pin
Mode
PPP
Authentication
Modes
IKE Lifetime
(300-85400 secs)
IKE Encryption
AirWave Wireless Management Suite | Configuration Guide
Default Description
Yes Enable L2TP with this setting as desired.
The combination of Layer-2 Tunneling Protocol and Internet Protocol
Security (L2TP/IPSec) is a highly secure technology that enables VPN
connections across public networks such as the Internet. L2TP/IPSec
provides both a logical transport mechanism on which to transmit PPP
frames as well as tunneling or encapsulation so that the PPP frames can be
sent across an IP network. L2TP/IPSec relies on the PPP connection process
to perform user authentication and protocol configuration. With L2TP/IPSec,
the user authentication process is encrypted using the Data Encryption
Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPSec requires two levels of authentication:
Computer-level authentication with a preshared key to create the IPSec
security associations (SAs) to protect the L2TP-encapsulated data.
User-level authentication through a PPP-based authentication protocol
using passwords, SecureID, digital certificates, or smart cards after
successful creation of the SAs.
No Use this setting if no encryption is to be used and packets passing between
the wireless client and controller are to be in clear text.
No Use this setting to disable wireless clients when a wired device is known to
be on the VPN.
No Use this setting to enable or disable SecurID PIN modes.
The SecurID authentication scheme authenticates the user on a RSA ACE/
Server. When challenged, the user has to enter a password that is a
combination of two numbers: a personal identification number (PIN),
supplied by RSA, combined with a token code, which is the number
displayed on the RSA SecurID authenticator.
New PIN mode is applied in cases where the authentication process requires
additional verification of the PIN. In this case, the user is required to use a
new PIN. The new PIN is derived from one of the following two sources,
depending on the configuration of the RSA ACE/Server:
The user is prompted to select and enter a new PIN.
The server supplies the user with a new PIN.
The user is then required to re-authenticate with the new PIN. The use of the
New PIN mode is optional and can be enabled or disabled.
CHAP Use this section to select the authentication modes to be supported for PPP
in the VPN. The following options are available:
MSCHAP
CHAP
MSCHAPv2
Cache SecurID Token
PAP
MSCHAP
MSCHAPv2
PAP
28800 Specify the Internet Key Exchange (IKE) Lifetime in seconds. When this
period of time expires, the IKE SA is replaced by a new SA or is terminated.
The IKE SA specifies values for the IKE exchange: the authentication method
used, the encryption and hash algorithms, the Diffie-Hellman group used, the
lifetime of the IKE SA in seconds, and the shared secret key values for the
encryption algorithms. The IKE SA in each peer is bi-directional.
168-bit Select the Internet Key Exchange (IKE) encryption method from the following
3DES-CBC two options:
168-bit 3DES-CBC
56-bit DES-CBC
Aruba Configuration Reference | 145