Virtual Private Networking Using IPSec Connections
278
ProSecure Unified Threat Management (UTM) Appliance
 To enable and configure XAUTH:
1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies
screen in view (see Figure 164 on page 263).
2. In the List of IKE Policies table, click the Edit table button to the right of the IKE policy for
which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This
screen shows the same fields as the Add IKE Policy screen (see Figure 165 on page 265).
3. In the Extended Authentication section on the screen, complete the fields, select the radio
buttons, and make your selections from the drop-down lists as explained in the following
table:
4. Click Apply to save your settings.
User Database Configuration
When XAUTH is enabled in an Edge Device configuration, users need to be authenticated
either by a local user database account or by an external RADIUS server. Whether or not you
use a RADIUS server, you might want some users to be authenticated locally. These users
need to be added to the List of Users table on the Users screen, as described in Configure
User Accounts on page 362.
Table 67. Extended authentication settings
Setting Description
Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is
enabled, and, if enabled, which device is used to verify user account information:
• None. XAUTH is disabled. This the default setting.
• Edge Device. The UTM functions as a VPN concentrator on which one or more gateway tunnels
terminate. The authentication modes that are available for this configuration are User Database,
RADIUS PAP, and RADIUS CHAP.
• IPSec Host. The UTM functions as a VPN client of the remote gateway. In this configuration the UTM is
authenticated by a remote gateway with a user name and password combination.
Authentication
Type
For an Edge Device configuration, from the drop-down list, select one of the following
authentication types:
• User Database. XAUTH occurs through the UTM’s user database. You can add
users on the Add User screen (see User Database Configuration on page 278).
• Radius PAP. XAUTH occurs through RADIUS Password Authentication Protocol
(PAP). The local user database is first checked. If the user account is not present in
the local user database, the UTM connects to a RADIUS server. For more
information, see RADIUS Client Configuration on page 279.
• Radius CHAP. XAUTH occurs through RADIUS Challenge Handshake
Authentication Protocol (CHAP). For more information, see RADIUS Client
Configuration on page 279.
Username The user name for XAUTH.
Password The password for XAUTH.
To Next Page
Loading...
Need help?
General
