Applying The Pool To An Ike Policy; Using Extended Authentication (Xauth) (Optional) - HP 7102dl - ProCurve Secure Router Configuration Manual
Procurve secure router 7000dl series - advanced management and configuration guide
Hide thumbs
Also See for 7102dl - ProCurve Secure Router:
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages) ,
- Advanced management and configuration manual (1005 pages)
Table of Contents
Advertisement
Parameter
Function
address range
The router assigns these addresses to clients
with which it has established an IKE SA.
DNS server
The DNS server resolves hostnames into IP
addresses for the client.
WINS server
dynamic IP addresses for the client.
For example, include the entire 192.168.100.0 /24 subnet:
ProCurve(config-ike-client-pool)# ip-range 192.168.100.1 192.168.100.254
Use the commands shown in Table 10-16 to configure optional configurations
such as server addresses.
Table 10-16. IKE Client Configuration Pools
The WINS server resolves hostnames into
Applying the Pool to an IKE Policy
Move to the configuration mode context for the IKE policy that users will use
to establish the IKE SA. Then enter this command:
Syntax: client configuration pool <poolname>
For example:
ProCurve(config-crypto-ike)# client configuration pool VPNUsers
Using Extended Authentication (Xauth) (Optional)
In a site-to-site VPN, IKE authenticates the remote gateway device. However,
if your organization's security policies require it, you can also configure the
router to authenticate individual remote VPN users. When you enable an Xauth
server on the ProCurve Secure Router, the router requests authentication
information from a remote user between establishing the IKE SA and the IPSec
SA. You can also use Xauth for increased security in client-to-site VPNs since
many clients, including the ProCurve VPN Client, support Xauth.
You can also use Xauth to authenticate the gateway device itself. You can
configure the ProCurve Secure Router to be an Xauth host, and authenticate
itself to a peer that requires Xauth. However, if you enable the Xauth host on
an IKE policy, the router cannot also use the Xauth server with that policy. For
this reason, you might want to use the Xauth server with IKE policies that
respond to IKE and the Xauth host with policies that only initiate IKE.
Virtual Private Networks
Configuring a VPN Using IPSec
Command Syntax
ip-range <first A.B.C.D> <final
A.B.C.D>
dns-server <server1 A.B.C.D>
[<server2 A.B.C.D>]
netbios-name-server <server1
A.B.C.D> [<server2 A.B.C.D>]
10-49
- Quick Links:
- Procurve Secure Router
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
