Remote VPN Server

To define a profile's remote VPN server settings:

  1. Select the Configuration tab from the Web UI.

  2. Select Profiles from the Configuration tab.

  3. Select Manage Profiles from the Configuration > Profiles menu.

  4. Select Security.

  5. Select VPN.

  6. Select Remote VPN Server.

    Use this screen to define the server resources used to secure (authenticate) a remote VPN connection with a target peer.

  7. Select either the IKEv1 or IKEv2 radio button to enforce peer key exchanges over the remote VPN server using either IKEv1 or IKEv2.

    IKEv2 provides improvements over the original IKEv1 design (improved cryptographic mechanisms, NAT and firewall traversal, attack resistance, etc.) and is recommended in most deployments. The appearance of the screen differs depending on the selected IKEv1 or IKEv2 mode.

  8. Set the following IKEv1 or IKEv2 Settings:

    Authentication Method

    Use the drop-down menu to specify the authentication method used to validate the credentials of the remote VPN client. Options include Local (onboard RADIUS resource, if supported) and RADIUS (designated external RADIUS resource). If selecting Local, select the + Add Row button and specify a User Name and Password for authenticating remote VPN client connections with the local RADIUS resource. The default setting is Local. AP 6521 and AP 6511 model access points do not have a local RADIUS resource and must use an external RADIUS server resource.

    AAA Policy

    Select the AAA policy used with the remote VPN client. AAA policies define RADIUS authentication and accounting parameters. The access point can optionally use AAA server resources (when using RADIUS as the authentication method) to provide user database and authentication data.

  9. Refer to the Username Password Settings field and specify local user database user name and password credentials required for user validation when conducting authentication locally.

  10. Refer to the Wins Server Settings field and specify primary and secondary server resources for validating RADIUS authentication requests on behalf of a remote VPN client. These external WINS server resources are available to validate RADIUS resource requests.

  11. Refer to the Name Server Settings field and specify primary and secondary server resources for validating RADIUS authentication requests on behalf of a remote VPN client. These external name server resources are available to validate RADIUS resource requests.

  12. Select the IP Local Pool option to define an IP address and mask for a virtual IP pool used to assign IP addresses to remote VPN clients.

  13. If using IKEv2, specify these additional settings (required for IKEv2 only):

    DHCP Server Type

    Specify whether the DHCP server is specified as an IP address, Hostname (FQDN) or None (a different classification will be defined). Dynamic Host Configuration Protocol (DHCP) allows hosts on an IP network to request and be assigned IP addresses and discover information about the network where they reside.

    DHCP Server

    Depending on the DHCP server type selected, enter either the numerical IP address, hostname or other (if None is selected as the server type).

    NetMask

    Specify the netmask for remote VPN clients.

    IP Local Pool

    Define an IP address and mask for a virtual IP pool used to assign IP addresses to requesting remote VPN clients.

    Relay Agent IP Address

    Select this option to define the DHCP relay agent IP address.

  14. Select OK to save the updates made to the Remote VPN Server screen. Selecting Reset reverts the screen to its last saved configuration.
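
The constraints stated in the steps above can be checked against a planned configuration before it is entered in the Web UI. The following Python sketch is an added example, not part of the product or its documentation: the dictionary keys, the `check_plan` function and the sample values are hypothetical, and treating the AAA policy as mandatory for RADIUS is an assumption.

```python
import ipaddress
import re

NO_LOCAL_RADIUS = {"AP 6521", "AP 6511"}  # models the page lists as lacking local RADIUS
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def _valid(parser, value):  # True if value is non-empty and parses without error
    try:
        return bool(value) and parser(value) is not None
    except ValueError:
        return False

def check_plan(plan):
    """Return the problems found in a planned Remote VPN Server configuration."""
    problems = []
    ike = plan.get("ike_version")
    if ike not in ("IKEv1", "IKEv2"):
        problems.append("ike_version must be IKEv1 or IKEv2")
    auth = plan.get("auth_method", "Local")  # the page's default is Local
    if auth == "Local":
        if plan.get("model") in NO_LOCAL_RADIUS:
            problems.append(f"{plan['model']} has no local RADIUS resource; select RADIUS")
        if not plan.get("local_users"):
            problems.append("Local authentication needs a User Name and Password row")
    elif auth == "RADIUS" and not plan.get("aaa_policy"):  # assumption: treated as required
        problems.append("RADIUS selected without an AAA policy")
    elif auth not in ("Local", "RADIUS"):
        problems.append("auth_method must be Local or RADIUS")
    if not _valid(lambda v: ipaddress.ip_network(v, strict=False), plan.get("ip_local_pool")):
        problems.append("ip_local_pool is not a valid address/mask")
    if ike == "IKEv2":  # settings the page requires for IKEv2 only
        kind, server = plan.get("dhcp_server_type"), plan.get("dhcp_server") or ""
        if kind == "IP address" and not _valid(ipaddress.ip_address, server):
            problems.append("dhcp_server must be an IP address")
        elif kind == "Hostname" and not FQDN.match(server):
            problems.append("dhcp_server must be a hostname (FQDN)")
        elif kind not in ("IP address", "Hostname", "None"):
            problems.append("dhcp_server_type must be IP address, Hostname or None")
        if not _valid(lambda v: ipaddress.ip_network("0.0.0.0/" + v), plan.get("netmask")):
            problems.append("netmask is missing or invalid")
        if (relay := plan.get("relay_agent_ip")) and not _valid(ipaddress.ip_address, relay):
            problems.append("relay_agent_ip is not an IP address")
    return problems

# Constructed sample plan (not from a real deployment); it breaks four of the rules above.
BAD_PLAN = {"model": "AP 6521", "ike_version": "IKEv2", "auth_method": "Local",
            "ip_local_pool": "10.8.0.0/255.255.255.0", "dhcp_server_type": "IP address",
            "dhcp_server": "dhcp.example.net", "netmask": "255.0.255.0"}
if __name__ == "__main__": print("\n".join(check_plan(BAD_PLAN)))
```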