ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Virtual Private Networking Using IPsec Connections 5-39
v1.0, April 2010
4. Click Apply to save your settings.
User Database Configuration
When XAUTH is enabled in an Edge Device configuration, users must be authenticated either by a
local user database account or by an external RADIUS server. Whether or not you use a RADIUS
server, you might want some users to be authenticated locally. These users must be added to the
List of Users table on the Users screen, as described in “Configuring User Accounts” on page 7-9.
RADIUS Client Configuration
Remote Authentication Dial In User Service (RADIUS, RFC 2865) is a protocol for managing
authentication, authorization, and accounting (AAA) of multiple users in a network. A RADIUS
server stores a database of user information, and can validate a user at the request of a gateway or
server in the network when a user requests access to network resources. During the establishment
of a VPN connection, the VPN gateway can interrupt the process with an XAUTH request. At that
point, the remote user must provide authentication information such as a user name and password
or some encrypted response using his or her user name and password information. The gateway
then attempts to verify this information first against a local user database (if RADIUS-PAP is
enabled) and then by relaying the information to a central authentication server such as a RADIUS
server.
To configure primary and backup RADIUS servers:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs display, with the IKE
Policies screen in view (see Figure 5-20 on page 5-22).
Username The user name for XAUTH.
Password The password for XAUTH.
Table 5-13. Extended Authentication Settings (continued)
Item Description (or Subfield and Description)
To Next Page
Loading...
