Configuring Xauth For Vpn Clients - NETGEAR SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Reference Manual
Gigabit quad wan ssl vpn firewall
Hide thumbs
Also See for SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall:
- Configuration manual (8 pages) ,
- Use manual (9 pages) ,
- Network setup manual (8 pages)
Table of Contents
Advertisement
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Configuring XAUTH for VPN Clients
Once the XAUTH has been enabled, you must establish user accounts on the User Database to be
authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is
in use by a VPN policy. The VPN policy must be disabled before you can modify
the IKE policy.
To enable and configure XAUTH:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs display, with the IKE
Policies screen in view (see
2. In the List of IKE Policies table, click the Edit table button to the right of the IKE policy for
which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This
screen shows the same fields as the Add IKE Policy screen (see
3. In the Extended Authentication section of the screen, complete the fields, select the radio
buttons, and make your selections from the drop-down lists as explained
Table 5-13.
Extended Authentication
Item
Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is
enabled, and–if enabled–which device is used to verify user account information:
• None. XAUTH is disabled. This the default setting.
• Edge Device. The VPN firewall functions as a VPN concentrator on which one or more gateway
tunnels terminate. The authentication modes that are available for this configuration are User
Database, RADIUS PAP, or RADIUS CHAP.
• IPSec Host. The VPN firewall functions as a VPN client of the remote gateway. In this configuration
the VPN firewall is authenticated by a remote gateway with a user name and password combination.
Authentication
Type
5-38
Figure 5-20 on page
Settings
Description (or Subfield and Description)
For an Edge Device configuration: from the drop-down list, select one of the
following authentication types:
• User Database. XAUTH occurs through the VPN firewall's user database. Users
must be added through the Add User screen (see
on page
5-39).
• Radius PAP. XAUTH occurs through RADIUS Password Authentication Protocol
(PAP). The local user database is first checked. If the user account is not present
in the local user database, the VPN firewall connects to a RADIUS server. For
more information, see
• Radius CHAP. XAUTH occurs through RADIUS Challenge Handshake
Authentication Protocol (CHAP). For more information, see
Configuration" on page
v1.0, April 2010
5-22).
"RADIUS Client Configuration" on page
5-39.
Virtual Private Networking Using IPsec Connections
Figure 5-21 on page
5-24).
Table
5-13.
"User Database Configuration"
5-39.
"RADIUS Client
Advertisement
Table of Contents
Troubleshooting
