Virtual Private Networking Using IPv4 IPSec and L2TP Connections
195
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH
are available:
• Edge Devic
e. The wireless VPN firewall is used as a VPN concentrator on which one or
more gateway tunnels terminate. You need to specify the authentication type that should
be used during verification of the credentials of th
e remote VPN gateways: the user
database, RADIUS-PAP, or RADIUS-CHAP.
• IPSec Host. Au
thentication by the remote gateway through a user name and password
that are associated with the IKE policy. The user name and password that are used to
authenticate the wireless VPN firewall need to be specified on the remote gateway.
Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first
checks the local user database for the user credentials. If the user
account is not present, the wireless VPN firewall then connects to a
RADIUS server.
Configure XAUTH for VPN Clients
Once the XAUTH has been enabled, you need to establish user accounts in the user
database to be authenticated against XAUTH, or you need to enable a RADIUS-CHAP or
RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the
IKE policy is in use by a VPN policy. The VPN policy needs to be
disabled before you can modify the IKE policy.
To enable and configure XAUTH:
1. Select VPN > IPSec VPN. The IPSec VPN sub
menu tabs display with the IKE Policies
screen in view (see Figure 110 on p
age 180).
2. In the List of IKE Policies t
able, click the Edit table button to the right of the IKE policy for
which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This
screen shows the same fields as the Add IKE Policy screen (see Figure 111 on p
age 182).
3. In t
he Extended Authentication section on the screen, complete the settings as explained in
the following table:
To Next Page
Loading...
