Configuring Extended Authentication (Xauth) - NETGEAR SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Reference Manual
Gigabit quad wan ssl vpn firewall
Hide thumbs
Also See for SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall:
- Configuration manual (8 pages) ,
- Use manual (9 pages) ,
- Network setup manual (8 pages)
Table of Contents
Advertisement
To edit a VPN policy:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs display, with the IKE
Policies screen in view (see
2. Click the VPN Policies submenu tab. The VPN Policies screen displays (see
page
5-30).
3. In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that
you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields as
the Add New VPN Policy screen (see
4. Modify the settings that you wish to change (see
5. Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN
Policies table.
Configuring Extended Authentication (XAUTH)
When many VPN clients connect to a VPN firewall, you might want to use a unique user
authentication method beyond relying on a single common pre-shared key for all clients. Although
you could configure a unique VPN policy for each user, it is more efficient to authenticate users
from a stored list of user accounts. XAUTH provides the mechanism for requesting individual
authentication information from the user, and a local user database or an external authentication
server, such as a RADIUS server, provides a method for storing the authentication information
centrally in the local network.
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are
available:
•
Edge Device. The VPN firewall is used as a VPN concentrator on which one or more gateway
tunnels terminate. You must specify the authentication type that must be used during
verification of the credentials of the remote VPN gateways: User Database, RADIUS-PAP, or
RADIUS-CHAP.
•
IPsec Host. Authentication by the remote gateway through a user name and password that are
associated with the IKE policy. The user name and password that are used to authenticate the
VPN firewall must be specified on the remote gateway.
Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first checks the
local user database for the user credentials. If the user account is not present, the
VPN firewall then connects to a RADIUS server.
Virtual Private Networking Using IPsec Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Figure 5-20 on page
Figure 5-23 on page
v1.0, April 2010
5-22).
5-32).
Table 5-12 on page
5-33).
Figure 5-22 on
5-37
Advertisement
Table of Contents
Troubleshooting
