D-Link DFL-260E User Manual page 373

8.2.5. Authentication Rules
This is the IKE authentication method which is used as part of VPN tunnel establishment
with IPsec.
XAuth is an extension to the normal IKE exchange and provides an addition to normal
IPsec security which means that clients accessing a VPN must provide a login username
and password.
It should be noted that an interface value is not entered with an XAuth authentication rule
since one single rule with XAuth as the agent will be used for all IPsec tunnels. However,
this approach assumes that a single authentication source is used for all tunnels.
iv. PPP
This is used specifically for L2TP or PPTP authentication.
• Authentication Source
This specifies that authentication is to be performed using one of the following:
i. LDAP - Users are looked up in an external LDAP server database.
ii. RADIUS - An external RADIUS server is used for lookup.
iii. Disallow - This option explicitly disallows all connections that trigger this rule. Such
connections will never be authenticated.
Any Disallow rules are best located at the end of the authentication rule set.
iv. Local - The local database defined within NetDefendOS is used for user lookup.
v. Allow - This option allows all connections that trigger this rule. With this option, all
connections that trigger this rule will be authenticated. No authentication database lookup
occurs.
• Interface
The source interface on which the connections to be authenticated will arrive. This must be
specified.
• Originator IP
The source IP or network from which new connections will arrive. For XAuth and PPP, this is
the tunnel originator IP.
• Terminator IP
The terminating IP with which new connections arrive. This is only specified where the
Authentication Agent is PPP.
Connection Timeouts
An Authentication Rule can specify the following timeouts related to a user session:
• Idle Timeout
How long a connection is idle before being automatically terminated (1800 seconds by default).
• Session Timeout
373
Chapter 8. User Authentication