Configure Xauth For Vpn Clients - NETGEAR UTM5 Reference Manual

Configure XAUTH for VPN Clients

Once the XAUTH has been enabled, you need to establish user accounts in the user
database to be authenticated against XAUTH, or you need to enable a RADIUS-CHAP or
RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the
IKE policy is in use by a VPN policy. The VPN policy needs to be
disabled before you can modify the IKE policy.

To enable and configure XAUTH:
1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies
screen in view (see
2. In the List of IKE Policies table, click the Edit table button to the right of the IKE policy for
which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This
screen shows the same fields as the Add IKE Policy screen (see
3. In the Extended Authentication section onscreen, complete the fields, select the radio
buttons, and make your selections from the drop-down lists as explained in the following
table:
Table 70. Extended authentication settings
Setting
Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is
enabled, and, if enabled, which device is used to verify user account information:
• None. XAUTH is disabled. This the default setting.
• Edge Device. The UTM functions as a VPN concentrator on which one or more gateway tunnels
terminate. The authentication modes that are available for this configuration are User Database,
RADIUS PAP, and RADIUS CHAP.
• IPSec Host. The UTM functions as a VPN client of the remote gateway. In this configuration the UTM
is authenticated by a remote gateway with a user name and password combination.
Authentication
Type
Username
Password
4. Click Apply to save your settings.
ProSecure Unified Threat Management (UTM) Appliance
Figure 171 on page 275).
Description
For an Edge Device configuration, from the drop-down list, select one of the following
authentication types:
• User Database. XAUTH occurs through the UTM's user database. You can add
users on the Add User screen (see
• Radius PAP. XAUTH occurs through RADIUS Password Authentication Protocol
(PAP). The local user database is first checked. If the user account is not present
in the local user database, the UTM connects to a RADIUS server. For more
information, see RADIUS Client Configuration
• Radius CHAP. XAUTH occurs through RADIUS Challenge Handshake
Authentication Protocol (CHAP). For more information, see
Configuration on page 292.
The user name for XAUTH.
The password for XAUTH.
Virtual Private Networking Using IPSec Connections
User Database Configuration
on page 292.
291
Figure 172 on page 277).
on page 292).
RADIUS Client