Remote VPN Server Configuration

About this task

To configure the remote VPN server settings:

Procedure

  1. Select Remote VPN Server.

    Use this screen to define the server resources used to secure (authenticate) a remote VPN connection with a target peer.

    Profile Security - Remote VPN Server tab (IKEv2 example)
  2. Select either the IKEv1 or IKEv2 radio button to enforce peer key exchanges over the remote VPN server using either IKEv1 or IKEv2.

    IKEv2 improves on the original IKEv1 design (improved cryptographic mechanisms, NAT and firewall traversal, attack resistance, etc.) and is recommended in most deployments. The appearance of the screen differs depending on the selected IKE mode.

  3. Set the following IKEv1 or IKEv2 settings:

    Authentication Method

    Use the drop-down menu to specify the authentication method used to validate the credentials of the remote VPN client. Options include Local (onboard RADIUS resource, if supported) and RADIUS (designated external RADIUS resource). If selecting Local, select the + Add Row button and specify a User Name and Password for authenticating remote VPN client connections with the local RADIUS resource. If selecting RADIUS, specify an AAA policy providing RADIUS server details.

    AAA Policy

    Select the AAA policy used with the remote VPN client. AAA policies define RADIUS authentication and accounting parameters. The access point can optionally use AAA server resources (when using RADIUS as the authentication method) to provide user database information and user authentication data.

  4. Refer to the Username Password Settings table and specify the username and password for validating RADIUS authentication.
  5. Refer to the Wins Server Settings table and specify primary and secondary server resources for validating RADIUS authentication requests on behalf of a remote VPN client. These external WINS server resources are available to validate RADIUS resource requests.
  6. Refer to the Name Server Settings table and specify primary and secondary server resources for validating RADIUS authentication requests on behalf of a remote VPN client. These external name server resources are available to validate RADIUS resource requests.
  7. Select the IP Local Pool option to define an IP address and mask for a virtual IP pool used to assign IP addresses to remote VPN clients.
  8. If using IKEv2, specify the following additional settings (required for IKEv2 only):

    DHCP Server Type

    Specify whether the Dynamic Host Configuration Protocol (DHCP) server is specified as an IP address, Hostname (FQDN) or None (a different classification will be defined). DHCP allows hosts on an IP network to request and be assigned IP addresses as well as discover information about the network where they reside.

    DHCP Server

    Depending on the DHCP server type selected, enter either the numerical IP address, hostname or other (if None is selected as the server type).

    IP Local Pool

    Select this option to define an IP address and mask for a virtual IP pool used to assign IP addresses to remote VPN clients.

    Relay Agent IP Address

    Select this option to define the DHCP relay agent IP address.

  9. Select OK to save the updates made to the Remote VPN Server screen.

    Selecting Reset reverts the screen to its last saved configuration.