Wireless Controller User Manual

connection between the controller and the RADIUS server with the authentication protocol supported by the server (PAP or CHAP). For RADIUS – PAP, the controller first checks in the user database to see if the user credentials are available; if they are not, the controller connects to the RADIUS server.

8.2.2 Internet over IPSec tunnel

With this feature, all traffic passes through the VPN tunnel, and the remote gateway routes the packets to the Internet. On the remote gateway side, outgoing packets are SNAT'ed.

8.3 Configuring VPN clients

Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use: encryption, authentication, lifetime, and PFS key-group. Once these authentication parameters are established, the VPN Client user database must also be populated with an account to give a user access to the tunnel.

VPN client software is required to establish a VPN tunnel between the controller and remote endpoint. Open source software (such as OpenVPN or Openswan) as well as Microsoft IPsec VPN software can be configured with the required IKE policy parameters to establish an IPsec VPN tunnel. Refer to the client software guide, as well as the controller's online help, for detailed setup instructions.

The user database contains the list of VPN user accounts that are authorized to use a given VPN tunnel. Alternatively, VPN tunnel users can be authenticated using a configured RADIUS database. Refer to the online help to determine how to populate the user database and/or configure RADIUS authentication.

8.4 PPTP / L2TP Tunnels

This controller supports VPN tunnels from either PPTP or L2TP ISP servers. The controller acts as a broker device to allow the ISP's server to create a TCP control connection between the LAN VPN client and the VPN server.
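
As an illustration of section 8.3 (an added example, not taken from this manual), the Openswan connection below shows where the four policy parameters that must match the controller's VPN policy are set on the client, together with the full-tunnel selector of section 8.2.2. The connection name, the address, pre-shared-key authentication and every algorithm, group and lifetime value are assumptions; replace them with the values configured in the controller's policy.

```conf
# /etc/ipsec.conf (Openswan client) -- constructed example.
# Every value below is a placeholder and must be replaced with the
# value configured in the controller's VPN policy. A mismatch in any
# of the marked parameters causes the negotiation to fail.

conn controller-tunnel                 # hypothetical connection name
    # Client side: use the interface that holds the default route.
    left=%defaultroute

    # Controller WAN address (placeholder from the documentation range).
    right=203.0.113.10

    # Section 8.2.2, Internet over IPsec: select all destinations so that
    # Internet-bound traffic also enters the tunnel and is SNAT'ed at the
    # remote gateway.
    rightsubnet=0.0.0.0/0

    # Assumption: peers authenticate with a pre-shared key, which is
    # stored separately in /etc/ipsec.secrets.
    authby=secret

    # Phase 1 (IKE) proposal: encryption-authentication;DH group.
    ike=aes256-sha1;modp1536           # encryption + authentication
    ikelifetime=8h                     # IKE SA lifetime

    # Phase 2 (IPsec SA) proposal.
    phase2=esp
    phase2alg=aes256-sha1;modp1536     # encryption + authentication; PFS group
    salifetime=1h                      # IPsec SA lifetime
    pfs=yes                            # PFS must match the policy setting

    # Load the connection at start-up; bring it up manually.
    auto=add
```

After loading the configuration, `ipsec auto --up controller-tunnel` starts the negotiation, and a proposal mismatch is reported in the client's log.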