Configuring Gateway Security - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide
Allowed Authentication Type. Select Generic or Challenge Handshake Authentication
Protocol (CHAP) (password is sent in the clear) to authenticate the remote gateway.

Query Remote Setting. Enable this option to query the remote settings object for
DNS and WINS information.

NOTE: When configuring a VPN that includes RAS users, if you added the user as an
L2TP or XAuth local user and assigned a remote settings object on a specific device in
the VPN, those settings override the settings defined in the VPN.

XAuth Client—Use when the remote gateway is a RAS user that you want to
authenticate.

Allowed Authentication Type. Select Any or CHAP.

User Name and Password. Enter the user name and password that the RAS user
must provide for authentication.

NOTE: All passwords handled by NSM are case-sensitive.

Bypass Authentication. Use to permit VPN traffic from VPN members to pass
unauthenticated by the XAuth server.

Configuring Gateway Security

Determine the authentication mechanisms you want the VPN nodes to use for IKE Phase
1 negotiations. You can use a preshared key or certificates for authentication.

Preshared Key/Certificate

For Phase 1, select Preshared Key Information or PKI Information:

Preshared Key—Use if your VPN includes security devices and/or RAS users. VPN nodes
use the preshared key during Phase 1 negotiations to authenticate each other; because
each node knows the key in advance, negotiations use fewer messages and are quicker.

To generate a random key, enter a value for the seed, then click Generate Key. NSM
uses the seed value to generate a random key, which is used to authenticate VPN
members.

NOTE: Using a random key can generate a key in excess of 255 characters, which
exceeds ScreenOS limits and might not be accepted by the security device during
update. To reduce the key size, shorten the autogenerated key value by deleting
characters.

To use a predefined value for the key, enter a value for the Preshared Key.

PKI—Use if your VPN includes extranet devices or you require the additional security
provided by certificates (PKI uses certificates for VPN member authentication). For
details on creating and managing certificates.
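
The following Python script is an added example, not part of the Juniper guide and not NSM's seed-based generator. It shows one way to produce a predefined preshared key outside NSM and to check a key against the 255-character limit from the NOTE above before pasting it into the Preshared Key field. The function names, the letters-and-digits alphabet, and the 128-bit minimum are assumptions made for illustration.

```python
import math
import secrets
import string

# Limit stated in the guide: keys over 255 characters exceed ScreenOS limits.
SCREENOS_MAX_PSK_CHARS = 255

# Assumption: letters and digits only, to avoid quoting problems when a key is
# pasted into a form field, CLI or configuration file.
ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random key of the given length."""
    return length * math.log2(alphabet_size)


def generate_psk(length=64):
    """Return a random preshared key drawn from the OS CSPRNG."""
    if not 1 <= length <= SCREENOS_MAX_PSK_CHARS:
        raise ValueError(f"length must be 1..{SCREENOS_MAX_PSK_CHARS}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def check_psk(key, min_bits=128):
    """Return a list of problems that would make the key unsuitable."""
    problems = []
    if len(key) > SCREENOS_MAX_PSK_CHARS:
        problems.append(f"{len(key)} characters exceeds the {SCREENOS_MAX_PSK_CHARS}-character limit")
    if any(ch not in ALPHABET for ch in key):
        problems.append("contains characters outside the chosen alphabet")
    # Upper bound only: valid for randomly generated keys, not human-chosen ones.
    if entropy_bits(min(len(key), SCREENOS_MAX_PSK_CHARS)) < min_bits:
        problems.append(f"too short to reach {min_bits} bits even if fully random")
    return problems


def shorten_psk(key, length=SCREENOS_MAX_PSK_CHARS):
    """Shorten an over-long random key by deleting trailing characters."""
    return key[:length]


if __name__ == "__main__":
    oversized = "".join(secrets.choice(ALPHABET) for _ in range(300))  # constructed sample
    print(check_psk(oversized))
    fitted = shorten_psk(oversized)
    print(len(fitted), round(entropy_bits(len(fitted))), check_psk(fitted))
    print(generate_psk())
```

A uniformly random key shortened to 255 characters from this alphabet still carries roughly 1518 bits, so deleting characters to meet the limit does not weaken it in practice; the entropy figure does not apply to human-chosen keys.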
Copyright © 2010, Juniper Networks, Inc.
