Advanced Services > Vpn Services > L2Tp - Dell PowerConnect W-Airwave Configuration Manual

Table 90
Field
Hash Algorithm
Authentication
Diffie-Hellman Group
Lifetime
Version
Advanced Services > VPN Services > L2TP
The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec) is a highly secure
technology that enables VPN connections across public networks such as the Internet. L2TP/IPSec provides both
a logical transport mechanism on which to transmit PPP frames as well as tunneling or encapsulation so that the
PPP frames can be sent across an IP network. L2TP/IPSec relies on the PPP connection process to perform user
authentication and protocol configuration. With L2TP/IPSec, the user authentication process is encrypted using
the Data Encryption Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPSec requires two levels of authentication:
Computer-level authentication with a preshared key to create the IPSec security associations (SAs) to protect

the L2TP-encapsulated data.
User-level authentication through a PPP-based authentication protocol using passwords, SecureID, digital

certificates, or smart cards after successful creation of the SAs.
Navigate to Advanced Services > VPN Services > L2TP page from the Dell PowerConnect W Configuration
navigation pane. This page lists all L2TP profiles that are currently available. Select Add to create a new L2TP
162 | Configuration Reference
Advanced Services > VPN Services > IKE > IKE Policy
Default
empty
1
Fields and Descriptions (Continued)
Description
Select the hash algorithm for this IKE policy.
MD5

 SHA
 SHA1-96
 SHA2-256-128
SHA2-384-192

NOTE: 'SHA2-256-128' and 'SHA2-384-192' require an Advanced Cryptography license
and a minimum version of 6.1.0.0.
ArubaOS VPNs support client authentication using pre-shared keys, RSA digital
certificates, or Elliptic Curve Digital Signature Algorithm (ECDSA) certificates. To set
the authentication type for the IKE rule, click the Authentication drop-down list and
select one of the following types:
 Pre-Share (for IKEv1 clients using pre-shared keys)
 RSA (for clients using certificates)
ECDSA-256 (for clients using certificates)

ECDSA-384 (for clients using certificates)

NOTE: 'ECDSA-256' and 'ECDSA-384' require an Advanced Cryptography license and
a minimum version of 6.1.0.0.
Diffie-Hellman is a key agreement algorithm that allows two parties to agree upon a
shared secret, and is used within IKE to securely establish session keys. To set the
Diffie Hellman Group for the ISAKMP policy, click the Diffie Hellman Group drop-down
list and select one of the following groups:
 Group 1: 768-bit Diffie Hellman prime modulus group.
 Group 2: 1024-bit Diffie Hellman prime modulus group.
Group 19: 256-bit random Diffie Hellman ECP modulus group.

 Group 20: 384-bit random Diffie Hellman ECP modulus group.
NOTE: 'EC 256-bit (19)' and 'EC 384-bit (20)' require an Advanced Cryptography license
and a minimum version of 6.1.0.0.
Set the Security Association Lifetime to define the lifetime of the security association,
in seconds.
Select 1 to configure the VPN for IKEv1, or 2 for IKEv2.
Dell PowerConnect W-AirWave 7.5 | Configuration Guide