Wireless Controller
policies with IKE are preferred, as in some IPsec implementations the SPI (Security
Parameter Index) values require conversion at each endpoint.
The DWC-1000 supports a VPN rollover feature. This means that policies configured on
the primary Option will roll over to the secondary Option in case of a link failure on
the primary Option. This feature can be used only if your Option is configured in
Auto-Rollover mode.
Figure 142: IPsec policy configuration continued (Auto/Manual Phase 2)
8.2.1 Extended Authentication (XAUTH)
You can also configure extended authentication (XAUTH). Rather than configure a
unique VPN policy for each user, you can configure the VPN gateway controller to
authenticate users from a stored list of user accounts or with an external authentication
server such as a RADIUS server. With a user database, user accounts created in the
controller are used to authenticate users.
With a configured RADIUS server, the controller connects to a RADIUS server and
passes to it the credentials that it receives from the VPN client. You can secure the
User Manual