Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 249


Chapter 8: Configuring VPNs

Use the XAuth protocol to authenticate RAS users with an authentication token (such
as SecurID) and to make TCP/IP settings (IP address, DNS server, and WINS server)
for the peer gateway.

Table 54: IKE IDs/XAuth Types

ID Type: ASN1-DN
Description:
  Abstract Syntax Notation, version 1 is a data representation format that is non-platform specific;
  Distinguished Name is the name of the computer. Use ASN1-DN to create a group ID that enables
  multiple RAS users to connect to the VPN tunnel concurrently.
  At the peer ID, specify values for the Container Match and Wildcard Match.
  At the local ID, specify the value.
  Using a group ID can make configuring and maintaining your VPN quicker and easier. For details
  on how group IKE IDs work, see the Configuring Group IKE IDs section in "Policy-Based VPN Creation
  Using Remote Access Server Users Overview" on page 213. For details on determining the
  ASN1-DN container and wildcard values for group IKE IDs, see the Juniper Networks ScreenOS
  5.x Concepts and Examples Guide.

ID Type: FQDN
Description:
  Use a fully qualified domain name when the VPN member uses a dynamic IP address. FQDN is a
  name that identifies (qualifies) a computer to the DNS protocol using the computer name and
  the domain name; for example, server1.colorado.mycompany.com

ID Type: IP Address
Description:
  Use an IP address when the VPN member uses a static IP address.

ID Type: U-FQDN
Description:
  Use a user fully qualified domain name when the VPN member uses a dynamic IP address (such
  as a RAS user). A U-FQDN is an e-mail address, such as user1@mycompany.com

ID Type: Default Server
Description:
  Use the default server to use the default XAuthentication server for the device. To change or
  assign a default XAuthentication server, edit the VPN settings > Defaults > Xauth settings.

ID Type: XAuth Server
Description:
  Use this option to specify the authentication server that assigns TCP/IP settings to the remote gateway.
  XAuth Server Name—Select a preconfigured authentication server object. For details on creating
  authentication server objects, see "Device Administrator Authentication Overview" on page 149.
  Allowed Authentication Type—Select generic or Challenge Handshake Authentication Protocol
  (CHAP) (password is sent in the clear) to authenticate the remote gateway.
  Query Remote Setting—Enable this option to query the remote settings object for DNS and
  WINS information.
  Users and Groups—Authenticate XAuth RAS users using the authentication server, by enabling
  User or User Group and selecting a preconfigured user object.

ID Type: XAuth Client
Description:
  Use this option when the remote gateway is a RAS user that you want to authenticate.
  Allowed Authentication Type—Select Any or Challenge Handshake Authentication Protocol
  (CHAP) for authentication (password is sent in the clear).
  User Name and Password—Enter the username and password that the RAS user must provide
  for authentication.
  NOTE: All passwords handled by NSM are case-sensitive.

ID Type: Bypass Authentication
Description:
  Use this option to permit VPN traffic from this VPN member to pass unauthenticated by the Auth server.

Copyright © 2010, Juniper Networks, Inc.
