Extended Authentication (Xauth); Internet Over Ipsec Tunnel; Figure 58: Ipsec Policy Configuration Continued (Auto / Manual Phase 2) - D-Link DSR-250 User Manual

Unified Services Router

Figure 58: IPsec policy configuration continued (Auto / Manual Phase 2)

6.2.1 Extended Authentication (XAUTH)

You can also configure extended authentication (XAUTH). Rather than configure a
unique VPN policy for each user, you can configure the VPN gateway router to
authenticate users from a stored list of user accounts or with an ext ernal
authentication server such as a RADIUS server. With a user database, user accounts
created in the router are used to authenticate users.
With a configured RADIUS server, the router connects to a RADIUS server and
passes to it the credentials that it receives from the VPN client. You can secure the
connection between the router and the RADIUS server with the authentication
protocol supported by the server (PAP or CHAP). For RADIUS – PAP, the router
first checks in the user database to see if the user credentials are available; if they
are not, the router connects to the RADIUS server.

6.2.2 Internet over IPSec tunnel

In this feature all the traffic will pass through the VPN Tunnel and from the Remote
Gateway the packet will be routed to Internet. On the rem ote gateway side, the
outgoing packet will be SNAT'ed.
95
User Manual