Configure Extended Authentication (XAUTH); Configure XAUTH for VPN Clients - NETGEAR FVS318G Reference Manual


The Edit VPN Policy screen displays. This screen shows the same fields as the Add New
VPN Policy screen.
5. Modify the settings that you wish to change (see Table 53 on page 252).
6. Click the Apply button.
Your changes are saved.

Configure Extended Authentication (XAUTH)

When many VPN clients connect to a VPN firewall, you might want to use a unique user
authentication method beyond relying on a single common pre-shared key for all clients.
Although you could configure a unique VPN policy for each user, it is more efficient to
authenticate users from a stored list of user accounts. XAUTH provides the mechanism for
requesting individual authentication information from the user. A local user database or an
external authentication server, such as a RADIUS server, provides a method for storing the
authentication information centrally in the local network.
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH
are available:
• Edge Device. The VPN firewall is used as a VPN concentrator on which one or more
  gateway tunnels terminate. You must specify the authentication type to be used during
  verification of the credentials of the remote VPN gateways: the user database,
  RADIUS-PAP, or RADIUS-CHAP.
• IPSec Host. Authentication by the remote gateway through a user name and password
  that are associated with the IKE policy. The user name and password that are used to
  authenticate the VPN firewall must be specified on the remote gateway.
If a RADIUS-PAP server is enabled for authentication, XAUTH first checks the local user
database for the user credentials. If the user account is not present, the VPN firewall then
connects to a RADIUS server.
This section contains the following topics:
• Configure XAUTH for VPN Clients
• User Database Configuration
• RADIUS Client and Server Configuration

Configure XAUTH for VPN Clients

After XAUTH is enabled, you must establish user accounts in the user database to be
authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.
You cannot modify an existing IKE policy to add XAUTH while the IKE policy is in use by a
VPN policy. The VPN policy must be disabled before you can modify the IKE policy.
To enable and configure XAUTH:
1. Log in to the unit:
Virtual Private Networking Using IPSec and L2TP Connections
NETGEAR ProSAFE VPN Firewall FVS318G v2
