
vpn-dialer

vpn-dialer <name>

enable dnetclear|l2tp|pptp|securid_newpinmode|wirednowifi

ike {authentication {pre-share <key>|rsa-sig}|encryption {3des|des}|

 group {1|2}|hash {md5|sha}|lifetime [<seconds>]}

ipsec {encryption {esp-3des|esp-des}|hash {esp-md5-hmac|esp-sha-hmac}|

 lifetime [<seconds>]|pfs {group1|group2}}

no {enable...|ipsec...|ppp...}

ppp authentication {cache-securid|chap|mschap|mschapv2|pap}

Description

This command configures the VPN dialer.

Syntax

| Parameter | Description | Range | Default |
|---|---|---|---|
| <name> | Name that identifies this VPN dialer configuration. | | |
| enable | Enables dialer operations: | | |
| dnetclear | Enables “split tunneling” functionality so that traffic destined for the internal network is tunneled while traffic for the Internet is not. This option is not recommended for security reasons. | | disabled |
| l2tp | Allows the dialer to negotiate a Layer-2 Tunneling Protocol (L2TP)/IPsec tunnel with the managed device. | | enabled |
| pptp | Allows the dialer to negotiate a Point-to-Point Tunneling Protocol (PPTP) with the managed device. | | disabled |
| securid_newpinmode | Supports SecurID new and next pin mode. | | disabled |
| wirednowifi | Allows the dialer to detect when a wired network connection is in use, and shuts down the wireless interface. | | disabled |
| ike | Configures internet key exchange (IKE) protocol. This configuration must match the IKE policy configured with the crypto isakmp policy command on the managed device. | | |
| authentication | Specifies whether preshared keys or RSA signatures are used for IKE authentication. | pre-share \| rsa-sig | pre-share |
| encryption | Specifies the IKE encryption protocol, either DES or 3DES. | 3des \| des | 3des |
| group | Specifies the Diffie-Hellman group, either 1 or 2. | 1 \| 2 | 2 |
| hash | Specifies the hash algorithm, either SHA or MD5. | md5 \| sha | sha |
| lifetime | Specifies how long an IKE security association lasts, in seconds. | 300-86400 | 28800 seconds |
| ipsec | Configures IPsec. This configuration must match the IPsec parameters configured with the crypto dynamic-map and crypto ipsec commands on the managed device. | | |
| encryption | Specifies the encryption type for IPsec, either DES or 3DES. | esp-3des \| esp-des | esp-3des |
| hash | Specifies the hash algorithm used by IPsec, either MD5 or SHA. | esp-md5-hmac \| esp-sha-hmac | esp-sha-hmac |
| lifetime | Specifies how long an IPsec security association lasts, in seconds. | 300-86400 | 7200 seconds |
| pfs | Specifies the IPsec Perfect Forward Secrecy (PFS) mode, either group 1 or group 2. | group1 \| group2 | group2 |
| no | Negates any configured parameter. | | |
| ppp authentication | Enables the protocols for PPP authentication. This list should match the L2TP or PPTP configuration configured with the vpdn command on the managed device. | | |
| cache-securid | The managed device caches Secure ID tokens so that the user does not need to reauthenticate each time a network connection is lost. | | disabled |
| chap | Use CHAP with PPP authentication. | | enabled |
| mschap | Use MSCHAP with PPP authentication. | | enabled |
| mschapv2 | Use MSCHAPv2 with PPP authentication. | | enabled |
| pap | Use PAP with PPP authentication. | | enabled |

Usage Guidelines

A VPN dialer is a Windows application that configures a Windows client for use with the VPN services in the managed device. When VPN is used as an access method, a user can log in using captive portal and download a VPN dialer. You can customize a VPN dialer for a user role configured with the user-role command. After the user authenticates via captive portal, a link appears to allow download of the VPN dialer if a dialer is configured for the user role.

Example

The following command configures a VPN dialer:

(host)[node] (config) #vpn-dialer default-dialer

ike authentication pre-share f00xYz123BcA
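
The following is an added example, not part of the ArubaOS documentation: a Python check that applies dialer commands written in the syntax above to the defaults from the parameter table and reports the weaker setting of each choice this page offers (DES, MD5, Diffie-Hellman group 1, PPTP, PAP, split tunneling). The function name audit_dialer and the sample input are constructed for illustration, and treating "no" on an ike or ipsec option as a return to the default is an assumption.

```python
# Defaults copied from the parameter table on this page.
CHOICES = {"ike encryption": "3des", "ike group": "2", "ike hash": "sha",
           "ipsec encryption": "esp-3des", "ipsec hash": "esp-sha-hmac",
           "ipsec pfs": "group2"}
TOGGLES = {"enable dnetclear": False, "enable l2tp": True, "enable pptp": False,
           "ppp authentication chap": True, "ppp authentication mschap": True,
           "ppp authentication mschapv2": True, "ppp authentication pap": True}
# Effective settings to report, with the reason for each.
WEAK = {
    "ike encryption des": "single DES (56-bit key); 3des is the alternative",
    "ike group 1": "768-bit Diffie-Hellman group; group 2 is 1024-bit",
    "ike hash md5": "MD5 is the weaker of the two hashes offered",
    "ipsec encryption esp-des": "single DES (56-bit key); esp-3des is the alternative",
    "ipsec hash esp-md5-hmac": "MD5 is the weaker of the two hashes offered",
    "ipsec pfs group1": "768-bit Diffie-Hellman group; group2 is 1024-bit",
    "enable dnetclear": "split tunneling, which this page advises against",
    "enable pptp": "PPTP is a weaker tunnel than L2TP/IPsec",
    "ppp authentication pap": "PAP sends the password unencrypted",
}

def audit_dialer(config_text):
    """Return sorted (setting, reason) pairs for one vpn-dialer block."""
    choices, toggles = dict(CHOICES), dict(TOGGLES)
    for raw in config_text.splitlines():
        # Drop a "(host)[node] (config) #" prompt if the line carries one.
        raw = raw.partition("#")[2] if raw.lstrip().startswith("(") else raw
        words = raw.lower().split()
        negate = words[:1] == ["no"]
        words = words[1:] if negate else words
        key = " ".join(words[:2])
        if key in choices:
            if negate:                      # assumption: "no" restores the default
                choices[key] = CHOICES[key]
            elif len(words) > 2:
                choices[key] = words[2]
        elif " ".join(words) in toggles:
            toggles[" ".join(words)] = not negate
    active = [f"{k} {v}" for k, v in choices.items()]
    active += [k for k, on in toggles.items() if on]
    return sorted((s, WEAK[s]) for s in active if s in WEAK)

# Constructed sample in the command syntax shown above.
SAMPLE = """(host)[node] (config) #vpn-dialer default-dialer
ike encryption des
ike group 1
ipsec hash esp-md5-hmac
enable dnetclear
no ppp authentication mschap
"""
print("\n".join(f"{s}: {r}" for s, r in audit_dialer(SAMPLE)))
```

Because pap defaults to enabled in the table above, an otherwise untouched dialer is still reported for PAP until the configuration contains no ppp authentication pap.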

Command History

| Release | Modification |
|---|---|
| ArubaOS 8.0.0.0 | Command introduced. |

Command Information

| Platforms | License | Command Mode |
|---|---|---|
| Available on all platforms | Base operating system. | Config mode on Mobility Master. |
