ArubaOS 8.6.0.0 Help Center

Configuring a VPN for Clients with User Passwords

This section describes how to configure a remote access VPN on the managed device for L2TP/IPsec clients with user passwords. L2TP/IPsec requires two levels of authentication: IKE SA authentication and user-level authentication with the PAP authentication protocol. IKE SA authentication uses a preshared key, which you must configure as the IKE shared secret.
User-level authentication is performed by the internal database of the managed device.

Configure the following:

AAA database entries for usernames and passwords

VPN authentication profile, which defines the internal server group and the default role assigned to authenticated clients

L2TP/IPsec VPN with PAP as the PPP authentication protocol (IKEv1 only).

(For IKEv1 clients) An IKE policy for preshared key authentication of the SA.

(For IKEv2 clients) A server certificate to authenticate the managed device to clients and a CA certificate to authenticate VPN clients.

The following procedure describes how to configure L2TP/IPsec VPN for username and password clients:

1. In the Mobility Master node hierarchy, navigate to the Configuration > Authentication > Auth Servers tab.

a. Select Internal from the Server Groups table, and then select Internal from the Server Group > Internal table to display entries for the internal database.

b. Under the Server Group > Internal > Internal > Users tab, click + to add a new user to the internal server group.

c. Enter the username and password information for the client.

d. Select the Enabled check box to activate this entry on creation.

e. Click Submit.

f. Click Pending Changes.

g. In the Pending Changes window, select the check box and click Deploy changes.

2. In the Managed Network node hierarchy, navigate to the Configuration > Authentication > L3 Authentication tab.

a. From the L3 Authentication List, select VPN Authentication > default > Server Group.

b. Select the internal server group from the drop-down list.

c. Click Submit.

d. Click Pending Changes.

e. In the Pending Changes window, select the check box and click Deploy changes.

3. Navigate to the Configuration > Services > VPN tab.

a. Expand IKEv1.

b. Select the L2TP check box to enable L2TP.

c. Select the PAP check box under Authentication Protocols.

d. Click Submit.

e. Click Pending Changes.

f. In the Pending Changes window, select the check box and click Deploy changes.

4. Configure other VPN settings as described in Configuring a VPN for L2TP/IPsec with IKEv2, while ensuring that the following settings are selected:

In the Configuration > Services > VPN page, select the L2TP check box.

In the Configuration > Services > VPN page, select the PAP check box as the authentication protocol.

The following CLI commands configure an L2TP/IPsec VPN for username and password clients using IKEv1:

(host)[mynode] (config) #vpdn group l2tp
  enable
  ppp authentication pap
  client dns 101.1.1.245
(host)[mynode] (config) #ip local pool PW-CLIENTS 10.1.1.1 10.1.1.250
(host)[mynode] (config) #crypto isakmp key <key> address 0.0.0.0 netmask 0.0.0.0
(host)[mynode] (config) #crypto isakmp policy 1
  authentication pre-share

Next, issue the following command to configure client entries in the internal database:

(host)[mynode] #local-userdb add username <name> password <password>
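As an added example (not from the ArubaOS documentation), the following Python check reads the CLI configuration from this section in the shape of running-config output and flags the two settings an administrator should be aware of: PAP as the PPP authentication protocol and a preshared key bound to address 0.0.0.0 for every peer. The config text and the <key> placeholder are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample: the CLI fragment from this section, in the shape of
# "show running-config" output. <key> is a placeholder, not a real secret.
SAMPLE_CONFIG = """\
vpdn group l2tp
  enable
  ppp authentication pap
  client dns 101.1.1.245
ip local pool PW-CLIENTS 10.1.1.1 10.1.1.250
crypto isakmp key <key> address 0.0.0.0 netmask 0.0.0.0
crypto isakmp policy 1
  authentication pre-share
"""

PSK_RE = re.compile(r"crypto isakmp key (\S+) address (\S+) netmask (\S+)")


def audit_l2tp_config(config: str) -> List[Dict[str, str]]:
    """Return one finding per setting from this section that warrants review.

    Each finding is a dict with 'id', 'line' and 'note' keys.
    """
    findings: List[Dict[str, str]] = []
    block = ""            # current top-level block, e.g. "vpdn group l2tp"
    l2tp_enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith((" ", "\t")):
            block = line  # an unindented line opens a new block
        if block == "vpdn group l2tp" and line == "enable":
            l2tp_enabled = True
        if block == "vpdn group l2tp" and line == "ppp authentication pap":
            findings.append({"id": "pap", "line": line,
                             "note": "PAP carries the user password in clear at the PPP "
                                     "layer; only the surrounding IPsec tunnel protects it."})
        m = PSK_RE.fullmatch(line)
        if m and m.group(2) == "0.0.0.0" and m.group(3) == "0.0.0.0":
            findings.append({"id": "wildcard-psk", "line": line,
                             "note": "One IKE preshared key is accepted from any peer "
                                     "address; rotating it means reconfiguring every client."})
    if not l2tp_enabled:  # PAP is dormant when the L2TP group is not enabled
        findings = [f for f in findings if f["id"] != "pap"]
    return findings
```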
