Chapter 21 IPSec VPN
USG20(W)-VPN Series User’s Guide
Table 137 Configuration > VPN > IPSec VPN > VPN Gateway > Add/Edit (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| X Auth / Extended Authentication Protocol | This part of the screen displays X-Auth when using IKEv1 and Extended Authentication Protocol when using IKEv2. |
| X-Auth | This displays when using IKEv1. When different users use the same VPN tunnel to connect to the USG (telecommuters sharing a tunnel for example), use X-auth to enforce a user name and password check. This way even though telecommuters all know the VPN tunnel’s security settings, each still has to provide a unique user name and password. |
| Enable Extended Authentication | Select this if one of the routers (the USG or the remote IPSec router) verifies a user name and password from the other router using the local user database and/or an external server. |
| Server Mode | Select this if the USG authenticates the user name and password from the remote IPSec router. You also have to select the authentication method, which specifies how the USG authenticates this information. |
| Client Mode | Select this radio button if the USG provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password. |
| User Name | This field is required if the USG is in Client Mode for extended authentication. Type the user name the USG sends to the remote IPSec router. The user name can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed. |
| Password | This field is required if the USG is in Client Mode for extended authentication. Type the password the USG sends to the remote IPSec router. The password can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed. |
| Retype to Confirm | Type the exact same password again here to make sure an error was not made when typing it originally. |
| Extended Authentication Protocol | This displays when using IKEv2. EAP uses a certificate for authentication. |
| Enable Extended Authentication | Select this if one of the routers (the USG or the remote IPSec router) verifies a user name and password from the other router using the local user database and/or an external server or a certificate. |
| Server Mode | Select this if the USG authenticates the user name and password from the remote IPSec router. You also have to select an AAA method, which specifies how the USG authenticates this information and who may be authenticated (Allowed User). |
| Client Mode | Select this radio button if the USG provides a username and password to the remote IPSec router for authentication. You also have to provide the User Name and the Password. |
| User Name | This field is required if the USG is in Client Mode for extended authentication. Type the user name the USG sends to the remote IPSec router. The user name can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed. |
| Password | This field is required if the USG is in Client Mode for extended authentication. Type the password the USG sends to the remote IPSec router. The password can be 1-31 ASCII characters. It is case-sensitive, but spaces are not allowed. |
| Retype to Confirm | Type the exact same password again here to make sure an error was not made when typing it originally. |
| OK | Click OK to save your settings and exit this screen. |
| Cancel | Click Cancel to exit this screen without saving. |
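
The field rules in this table can be checked before a gateway entry is typed into the screen. The following is an added example, not code from this guide or from the USG firmware: the dictionary keys (ike_version, extended_auth, mode, auth_method, allowed_user, user_name, password, retype) are hypothetical names chosen for illustration, and "ASCII characters" is assumed to mean printable ASCII.

```python
# Added example: key names are hypothetical, not the USG's configuration schema.
import string

# Assumption: "ASCII characters" means printable ASCII; the guide only rules out spaces.
_ALLOWED = set(string.ascii_letters + string.digits + string.punctuation)


def check_credential(name, value):
    """Return problems for a User Name or Password (1-31 ASCII, no spaces)."""
    problems = []
    if not 1 <= len(value) <= 31:
        problems.append(f"{name}: length {len(value)} is outside 1-31")
    if " " in value:
        problems.append(f"{name}: spaces are not allowed")
    if any(ch != " " and ch not in _ALLOWED for ch in value):
        problems.append(f"{name}: contains non-ASCII or control characters")
    return problems


def check_extended_auth(cfg):
    """Check one gateway's extended-authentication settings against the table."""
    ext = cfg.get("extended_auth", {})
    if not ext.get("enabled"):
        return []
    ike, mode = cfg.get("ike_version"), ext.get("mode")
    problems = []
    if ike not in (1, 2):
        problems.append("ike_version must be 1 (X-Auth) or 2 (EAP)")
    if mode == "server":
        # IKEv1: authentication method. IKEv2: AAA method plus Allowed User.
        if not ext.get("auth_method"):
            problems.append("server mode: no authentication/AAA method selected")
        if ike == 2 and not ext.get("allowed_user"):
            problems.append("server mode (IKEv2): no Allowed User selected")
    elif mode == "client":
        problems += check_credential("user_name", ext.get("user_name", ""))
        problems += check_credential("password", ext.get("password", ""))
        if ext.get("password") != ext.get("retype"):
            problems.append("password and Retype to Confirm differ")
    else:
        problems.append("mode must be 'server' or 'client'")
    return problems


# Constructed sample: client mode, space in the user name, mismatched retype.
SAMPLE = {"ike_version": 1, "extended_auth": {
    "enabled": True, "mode": "client",
    "user_name": "tele worker", "password": "s3cret!", "retype": "s3cret"}}
```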