Configuring Xauth For Vpn Clients - NETGEAR ProSafe FVS336G Reference Manual

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

Configuring XAUTH for VPN Clients

Once the XAUTH has been enabled, you must establish user accounts on the User Database to be
authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is
in use by a VPN policy. The VPN policy must be disabled before you can modify
the IKE policy.
To enable and configure XAUTH:
1. Select VPN > IPsec VPN from the main menu.
2. Click the IKE Policies tab. The IKE Policies screen is displayed.
Figure 5-12
3. You can add XAUTH to an existing IKE Policy by clicking Edit adjacent to the policy to be
modified or you can create a new IKE Policy incorporating XAUTH by clicking Add.
4. In the Extended Authentication section, choose the Authentication Type from the pull-
down menu which will be used to verify user account information. Select
• Edge Device to use this VPN firewall as a VPN concentrator where one or more gateway
tunnels terminate. When this option is chosen, you will need to specify the authentication
type to be used in verifying credentials of the remote VPN gateways.
– User Database to verify against the VPN firewall's user database. Users must be
added through the User Database screen (see
page 5-21).
5-20
"User Database Configuration" on
Virtual Private Networking Using IPsec
v1.2, June 2008