The Vpn Firewall's Authentication Process And Options - NETGEAR FVS318G Reference Manual

The VPN Firewall's Authentication Process and Options

Users are assigned to a group, and a group is assigned to a domain. Therefore, you must first create any domains, then groups, and then user accounts.

You must create name and password accounts for all users who must be able to connect to the VPN firewall. This includes administrators and guests. Accounts for IPSec VPN clients are required only if you enable extended authentication (XAUTH) in your IPSec VPN configuration.

Users connecting to the VPN firewall must be authenticated before being allowed to access the VPN firewall or the VPN-protected network. The login screen that is presented to the user requires three items: a user name, a password, and a domain selection. The domain determines the authentication method that is used.

Except in the case of IPSec VPN users, when you create a user account, you must specify a group. When you create a group, you must specify a domain.

IPSec VPN and L2TP users do not belong to a domain and are not assigned to a group.

Do not confuse the authentication groups with the LAN groups. For more information, see Manage IPv4 Groups and Hosts (IPv4 LAN Groups) on page 71.

The following table summarizes the external authentication protocols and methods that the VPN firewall supports.

Table 65. External authentication protocols and methods

| Authentication Protocol or Method | Description |
|---|---|
| PAP | Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text. |
| CHAP | Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other's challenge message that is calculated using a shared secret value. |
| RADIUS | A network-validated PAP or CHAP password-based authentication method that functions with Remote Authentication Dial In User Service (RADIUS). |
| MIAS | A network-validated PAP or CHAP password-based authentication method that functions with Microsoft Internet Authentication Service (MIAS), which is a component of Microsoft Windows 2003 Server. |
| WiKID | WiKID Systems is a PAP or CHAP key-based two-factor authentication method that functions with public key cryptography. The client sends an encrypted PIN to the WiKID server and receives a one-time passcode with a short expiration period. The client logs in with the passcode. For more about WiKID authentication, see Appendix B, Two-Factor Authentication. |
| NT Domain | A network-validated domain-based authentication method that functions with a Microsoft Windows NT Domain authentication server. This authentication method was superseded by Microsoft Active Directory authentication but is supported to authenticate legacy Windows clients. |

NETGEAR ProSAFE VPN Firewall FVS318G v2: Manage Users, Authentication, and VPN Certificates
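
The PAP and CHAP rows above differ in what crosses the wire. The following Python sketch is an added example, not code from the NETGEAR manual or firmware: it implements the RFC 1994 CHAP response for one direction of the exchange, with a verifier that issues a fresh challenge per attempt, and compares the bytes sent with those of PAP. The class name, user name, and secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Hypothetical verifier: fresh challenge per attempt, one try each."""

    def __init__(self, secrets: dict[str, bytes]):
        self._secrets = secrets      # user name -> shared secret
        self._pending = {}           # user name -> (identifier, challenge)
        self._next_id = 0

    def challenge(self, user: str) -> tuple[int, bytes]:
        self._next_id = (self._next_id + 1) % 256
        issued = (self._next_id, os.urandom(16))
        self._pending[user] = issued
        return issued

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        issued = self._pending.pop(user, None)   # a challenge is single-use
        secret = self._secrets.get(user)
        if issued is None or secret is None or issued[0] != identifier:
            return False
        expected = chap_response(issued[0], secret, issued[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = b"constructed-shared-secret"        # constructed sample value
    server = ChapAuthenticator({"alice": secret})

    ident, chal = server.challenge("alice")
    resp = chap_response(ident, secret, chal)    # computed by the client
    chap_wire = bytes([ident]) + chal + resp     # everything CHAP transmits
    first = server.verify("alice", ident, resp)

    # A recorded response is bound to the old identifier and challenge,
    # so presenting it against a new challenge must fail.
    ident2, _ = server.challenge("alice")
    replay = server.verify("alice", ident2, resp)

    pap_wire = b"alice" + secret                 # PAP carries the password itself
    return {"first": first, "replay": replay,
            "secret_in_chap": secret in chap_wire,
            "secret_in_pap": secret in pap_wire}
```

The CHAP verifier needs the shared secret in recoverable form to compute the expected hash, so the server-side secret store requires the same protection as the passwords themselves.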
