ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
XAUTH can be enabled when adding or editing an IKE Policy. Two types of XAUTH are
available:
•
Edge Device. If this is selected, the VPN firewall is used as a VPN concentrator where one or
more gateway tunnels terminate. If this option is chosen, you must specify the authentication
type to be used in verifying credentials of the remote VPN gateways: User Database,
RADIUS-PAP, or RADIUS-CHAP.
•
IPsec Host. If you want authentication by the remote gateway, enter a User Name and
Password to be associated with this IKE policy. If this option is chosen, the remote gateway
must specify the user name and password used for authenticating this gateway.
Note: If a RADIUS-PAP server is enabled for authentication, XAUTH will first check the
local User Database for the user credentials. If the user account is not present, the
VPN firewall will then connect to a RADIUS server.
Configuring XAUTH for VPN Clients
Once the XAUTH has been enabled, you must establish user accounts on the User Database to be
authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is
in use by a VPN policy. The VPN policy must be disabled before you can modify
the IKE policy.
To enable and configure XAUTH:
1. Select VPN > IPsec VPN from the menu.
2. Click the IKE Policies tab. The IKE Policies screen is displayed.
Figure 5-21
5-20
Virtual Private Networking Using IPsec
v1.0, January 2010