Configuring Gateway Security - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide
Default Server—To use the default XAuthentication server for the device. To change or assign a default XAuthentication server, edit the VPN settings in the security device configuration.
XAuth Server—Use when the remote gateway is a security device to which you want to assign TCP/IP settings.
    Auth Server Name. Select a preconfigured authentication server object.
    Allowed Authentication Type. Select Generic or Challenge Handshake Authentication Protocol (CHAP) (password is sent in the clear) to authenticate the remote gateway.
    Query Remote Setting. Enable this option to query the remote settings object for DNS and WINS information.
    NOTE: When configuring a VPN that includes RAS users, if you added the user as an L2TP or XAuth local user and assigned a remote settings object on a specific device in the VPN, those settings override the settings defined in the VPN.
XAuth Client—Use when the remote gateway is a RAS user that you want to authenticate.
    Allowed Authentication Type. Select Any or CHAP.
    User Name and Password. Enter the user name and password that the RAS user must provide for authentication.
    NOTE: All passwords handled by NSM are case-sensitive.
Bypass Authentication. Use to permit VPN traffic from VPN members to pass unauthenticated by the XAuth server.

Configuring Gateway Security

Determine the authentication mechanisms you want the VPN nodes to use for IKE Phase 1 negotiations. You can use a preshared key or certificates for authentication.
Preshared Key/Certificate
For Phase 1, select Preshared Key Information or PKI Information:
Preshared Key—Use if your VPN includes security devices and/or RAS users. VPN nodes use the preshared key during Phase 1 negotiations to authenticate each other; because each node knows the key in advance, negotiations use fewer messages and are quicker.
    To generate a random key, enter a value for the seed, then click Generate Key. NSM uses the seed value to generate a random key, which is used to authenticate VPN members.
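How a preshared key lets both peers authenticate each other in Phase 1, shown as an added example that is not from the Juniper guide or from NSM. It assumes IKEv1 (RFC 2409) with HMAC-SHA1 as the negotiated PRF; the exchange values, key strings and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed exchange values for illustration (not from a real capture).
X = {
    "ni": bytes(range(16)), "nr": bytes(range(16, 32)),   # nonces
    "gxi": b"\x02" * 128, "gxr": b"\x03" * 128,           # stand-ins for DH public values
    "cky_i": b"I" * 8, "cky_r": b"R" * 8,                 # 8-byte cookies
    "sai_b": b"constructed-SA-payload",
    "idii_b": b"initiator-id", "idir_b": b"responder-id",
}

def prf(key: bytes, data: bytes) -> bytes:
    """PRF negotiated in Phase 1; HMAC-SHA1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid(psk: bytes, x: dict) -> bytes:
    # RFC 2409: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    return prf(psk, x["ni"] + x["nr"])

def hash_i(psk: bytes, x: dict) -> bytes:
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid(psk, x), x["gxi"] + x["gxr"] + x["cky_i"] + x["cky_r"]
               + x["sai_b"] + x["idii_b"])

def hash_r(psk: bytes, x: dict) -> bytes:
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    return prf(skeyid(psk, x), x["gxr"] + x["gxi"] + x["cky_r"] + x["cky_i"]
               + x["sai_b"] + x["idir_b"])

def mutual_auth(initiator_psk: bytes, responder_psk: bytes, x: dict = X):
    """Return (responder_accepts_initiator, initiator_accepts_responder)."""
    # Each side sends only its hash; the key itself never crosses the wire.
    # The receiver recomputes the hash with its own copy of the key and
    # compares in constant time.
    r_ok = hmac.compare_digest(hash_i(initiator_psk, x), hash_i(responder_psk, x))
    i_ok = hmac.compare_digest(hash_r(responder_psk, x), hash_r(initiator_psk, x))
    return r_ok, i_ok

if __name__ == "__main__":
    print(mutual_auth(b"constructed-shared-key", b"constructed-shared-key"))
    print(mutual_auth(b"constructed-shared-key", b"Constructed-shared-key"))
```

A single differing character in the key on either node makes both hash checks fail, which is why a mismatched preshared key shows up as a Phase 1 failure rather than a later traffic problem.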
Copyright © 2010, Juniper Networks, Inc.
