Configure Extended Authentication (Xauth) - NETGEAR ProSAFE SRX5308 Reference Manual
Gigabit quad wan ssl vpn firewall
Hide thumbs
Also See for ProSAFE SRX5308:
- Reference manual (361 pages) ,
- Cli reference manual (328 pages) ,
- Datasheet (3 pages)
Table of Contents
Advertisement
Table 56. Add New VPN Policy screen settings for IPv4 and IPv6 (continued)
Setting
Integrity Algorithm
PFS Key Group
Select IKE Policy
5.
Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table.
To edit a VPN policy:
1.
Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays the IPv4
settings (see
Figure 160
2.
Specify the IP version for which you want to edit a VPN policy:
•
IPv4. In the upper right of the screen, the IPv4 radio button is already selected by
default. Go to
•
IPv6. Select the IPv6 radio button. The VPN Policies screen for IPv6 displays.
3.
In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that
you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields
as the Add New VPN Policy screen (for IPv4, see
Figure 162
on page 241).
4.
Modify the settings that you wish to change (see the previous table).
5.
Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN
Policies table.
Configure Extended Authentication (XAUTH)
•
Configure XAUTH for VPN Clients
•
User Database Configuration
•
RADIUS Client and Server Configuration
When many VPN clients connect to a VPN firewall, you might want to use a unique user
authentication method beyond relying on a single common pre-shared key for all clients.
Although you could configure a unique VPN policy for each user, it is more efficient to
authenticate users from a stored list of user accounts. XAUTH provides the mechanism for
Virtual Private Networking Using IPSec and L2TP Connections
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Description
From the drop-down list, select one of the following two algorithms to be used in
the VPN header for the authentication process:
•
SHA-1. Hash algorithm that produces a 160-bit digest. This is the default
setting.
•
MD5. Hash algorithm that produces a 128-bit digest.
Select this check box to enable Perfect Forward Secrecy (PFS), and select a
Diffie-Hellman (DH) group from the drop-down list. The DH Group sets the
strength of the algorithm in bits. The higher the group, the more secure the
exchange. From the drop-down list, select one of the following three strengths:
•
Group 1 (768 bit).
•
Group 2 (1024 bit). This is the default setting.
•
Group 5 (1536 bit).
Select an existing IKE policy that defines the characteristics of the Phase-1
negotiation. To display the selected IKE policy, click the View Selected button.
on page 239).
Step
3.
Figure 161
on page 240; for IPv6 see
245
- Quick Links:
- Internet and Wan Configuration Tasks
- Reboot
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
