EasyManua.ls Logo

NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router

NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router
180 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
Managing Users, Authentication, and Certificates 6-7
1.1 November, 2009
When specifying RADIUS domain authentication, you are presented with several authentication
protocol choices, as summarized in the following table:
The chosen authentication protocol must be configured on the RADIUS server and on the
authenticating client devices.
Managing Certificates
The FVS318G uses Digital Certificates (also known as X509 Certificates) during the Internet Key
Exchange (IKE) authentication phase to authenticate connecting VPN gateways or clients, or to be
authenticated by remote entities. The same Digital Certificates are extended for secure web access
connections over HTTPS.
Digital Certificates can be either self signed or can be issued by Certification Authorities (CA)
such as via an in-house Windows server, or by an external organization such as Verisign or
Thawte.
However, if the Digital Certificates contain the extKeyUsage extension then the certificate must be
used for one of the purposes defined by the extension. For example, if the Digital Certificate
contains the extKeyUsage extension defined to SNMPV2 then the same certificate cannot be used
for secure web management.
The extKeyUsage would govern the certificate acceptance criteria in the FVS318G when the same
digital certificate is being used for secure web management.
Table 6-1.
Authentication
Protocol
Description
PAP Password Authentication Protocol (PAP) is a simple protocol in which the client sends a
password in clear text.
CHAP Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake
in which the client and server trade challenge messages, each responding with a hash of
the other’s challenge message that is calculated using a shared secret value.
MIAS Network validated PAP or CHAP password based authentication scheme.
WiKID WiKID is a PAP or CHAP key-based two-factor authentication method using public key
cryptography. The client sends an encrypted PIN to the WiKID server and receives a one-
time passcode with a short expiration period. The client logs in with the passcode. See
tAppendix C, “Two Factor Authentication” for more on WiKID authentication.

Table of Contents

Other manuals for NETGEAR FVS318G - ProSafe Gigabit VPN Firewall Data Sheet Router

Related product manuals