Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 129



Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued)

Other Settings

Field: Enable PPTP
Default: No
Description:
Enable PPTP with this setting as desired.
Point-to-Point Tunneling Protocol (PPTP) is an alternative to L2TP/IPSec. Like L2TP/IPSec, PPTP provides a logical transport mechanism to send PPP frames as well as tunneling or encapsulation so that the PPP frames can be sent across an IP network. PPTP relies on the PPP connection process to perform user authentication and protocol configuration.
With PPTP, data encryption begins after the PPP authentication and connection process is completed. PPTP connections use Microsoft Point-to-Point Encryption (MPPE), which uses the Rivest-Shamir-Adleman (RSA) RC-4 encryption algorithm. PPTP connections require user-level authentication through a PPP-based authentication protocol (MSCHAPv2 is the currently supported method).

Field: Enable L2TP
Default: Yes
Description:
Enable L2TP with this setting as desired.
The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPSec) is a highly secure technology that enables VPN connections across public networks such as the Internet. L2TP/IPSec provides both a logical transport mechanism on which to transmit PPP frames as well as tunneling or encapsulation so that the PPP frames can be sent across an IP network. L2TP/IPSec relies on the PPP connection process to perform user authentication and protocol configuration. With L2TP/IPSec, the user authentication process is encrypted using the Data Encryption Standard (DES) or Triple DES (3DES) algorithm.
L2TP/IPSec requires two levels of authentication:
  • Computer-level authentication with a preshared key to create the IPSec security associations (SAs) to protect the L2TP-encapsulated data.
  • User-level authentication through a PPP-based authentication protocol using passwords, SecurID, digital certificates, or smart cards after successful creation of the SAs.

Field: Send traffic to the direct network in clear
Default: No
Description:
Use this setting if no encryption is to be used and packets passing between the wireless client and controller are to be in clear text.

Field: Disable wireless devices when client is wired
Default: No
Description:
Use this setting to disable wireless clients when a wired device is known to be on the VPN.

Field: Enable SecurID New and Next Pin Mode
Default: No
Description:
Use this setting to enable or disable SecurID PIN modes.
The SecurID authentication scheme authenticates the user on an RSA ACE/Server. When challenged, the user has to enter a password that is a combination of two numbers: a personal identification number (PIN), supplied by RSA, combined with a token code, which is the number displayed on the RSA SecurID authenticator.
New PIN mode is applied in cases where the authentication process requires additional verification of the PIN. In this case, the user is required to use a new PIN. The new PIN is derived from one of the following two sources, depending on the configuration of the RSA ACE/Server:
  • The user is prompted to select and enter a new PIN.
  • The server supplies the user with a new PIN.
The user is then required to re-authenticate with the new PIN. The use of the New PIN mode is optional and can be enabled or disabled.

Field: PPP Authentication Modes
Default: CHAP, MSCHAP, MSCHAPv2, PAP
Description:
Use this section to select the authentication modes to be supported for PPP in the VPN. The following options are available:
  • CHAP
  • Cache SecurID Token
  • MSCHAP
  • MSCHAPv2
  • PAP

Dell PowerConnect W AirWave 7.2 | Configuration Guide
Dell PowerConnect W Configuration Reference | 129
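
The following is an added example, not part of the Dell guide or of AirWave: a small audit of one VPN dialer profile against the field descriptions in Table 58. The dictionary layout, the finding codes and the function names are assumptions made for illustration; only the field labels and defaults come from the table.

```python
# Field labels and defaults are taken from Table 58; the dict layout is an
# assumption for this example, not an AirWave export format.
TABLE_58_DEFAULTS = {
    "Enable PPTP": False,
    "Enable L2TP": True,
    "Send traffic to the direct network in clear": False,
    "PPP Authentication Modes": {"CHAP", "MSCHAP", "MSCHAPv2", "PAP"},
}


def audit_vpn_dialer(settings):
    """Return (severity, code, message) findings for one dialer profile."""
    cfg = {**TABLE_58_DEFAULTS, **settings}  # unset fields keep the default
    modes = set(cfg["PPP Authentication Modes"])
    pptp, l2tp = cfg["Enable PPTP"], cfg["Enable L2TP"]
    findings = []
    if cfg["Send traffic to the direct network in clear"]:
        findings.append(("high", "CLEAR_TRAFFIC",
                         "client-to-controller packets are sent in clear text"))
    if not (pptp or l2tp):
        findings.append(("high", "NO_TUNNEL", "neither PPTP nor L2TP is enabled"))
    if not modes:
        findings.append(("high", "NO_PPP_AUTH", "no PPP authentication mode selected"))
    if pptp:
        # Per the table: MPPE (RC4) starts only after PPP authentication ends.
        findings.append(("medium", "PPTP_ENABLED",
                         "PPP authentication runs before MPPE encryption begins"))
        if "MSCHAPv2" not in modes:
            findings.append(("high", "PPTP_NO_MSCHAPV2",
                             "PPTP needs MSCHAPv2, which is not selected"))
    if "PAP" in modes:
        # PAP carries the password as-is inside PPP, so its protection
        # depends entirely on the IPSec layer underneath.
        findings.append(("medium", "PAP_SELECTED",
                         "PAP password is protected only by the tunnel"))
    return findings


def finding_codes(settings):
    """Convenience view: just the finding codes, in report order."""
    return [code for _sev, code, _msg in audit_vpn_dialer(settings)]


if __name__ == "__main__":
    for name, profile in [("table defaults", {}),
                          ("L2TP + MSCHAPv2 only",
                           {"PPP Authentication Modes": {"MSCHAPv2"}})]:
        print(name, "->", audit_vpn_dialer(profile) or "no findings")
```

Run against the table defaults, the audit reports only the PAP selection; restricting the modes to MSCHAPv2 with L2TP left enabled clears it.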