ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Virtual Private Networking Using IPsec Connections 5-37
v1.0, April 2010
To edit a VPN policy:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs display, with the IKE
Policies screen in view (see Figure 5-20 on page 5-22).
2. Click the VPN Policies submenu tab. The VPN Policies screen displays (see Figure 5-22 on
page 5-30).
3. In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that
you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields as
the Add New VPN Policy screen (see Figure 5-23 on page 5-32).
4. Modify the settings that you wish to change (see Table 5-12 on page 5-33).
5. Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN
Policies table.
Configuring Extended Authentication (XAUTH)
When many VPN clients connect to a VPN firewall, you might want to use a unique user
authentication method beyond relying on a single common pre-shared key for all clients. Although
you could configure a unique VPN policy for each user, it is more efficient to authenticate users
from a stored list of user accounts. XAUTH provides the mechanism for requesting individual
authentication information from the user, and a local user database or an external authentication
server, such as a RADIUS server, provides a method for storing the authentication information
centrally in the local network.
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are
available:
• Edge Device. The VPN firewall is used as a VPN concentrator on which one or more gateway
tunnels terminate. You must specify the authentication type that must be used during
verification of the credentials of the remote VPN gateways: User Database, RADIUS-PAP, or
RADIUS-CHAP.
• IPsec Host. Authentication by the remote gateway through a user name and password that are
associated with the IKE policy. The user name and password that are used to authenticate the
VPN firewall must be specified on the remote gateway.
Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first checks the
local user database for the user credentials. If the user account is not present, the
VPN firewall then connects to a RADIUS server.
To Next Page
Loading...
