Extended Authentication (Xauth); Figure 142: Ipsec Policy Configuration Continued (Auto/Manual Phase 2) - D-Link DWC-1000 User Manual

Wireless Controller
policies with IKE are preferred as in some IPsec implementations the SPI (security
parameter index) values require conversion at each endpoint.
DWC-1000 supports VPN roll-over feature. This means that policies configured on
primary Option will rollover to the secondary Option in case of a link failure on a
primary Option. This feature can be used only if your Option is configured in Auto-
Rollover mode.

Figure 142: IPsec policy configuration continued (Auto/Manual Phase 2)

8.2.1 Extended Authentication (XAUTH)

You can also configure extended authentication (XAUTH). Rather than configure a
unique VPN policy for each user, you can configure the VPN gateway controller to
authenticate users from a stored list of user accounts or with an external authentication
server such as a RADIUS server. With a user database, user accounts created in the
controller are used to authenticate users.
With a configured RADIUS server, the controller connects to a RADIUS server and
passes to it the credentials that it receives from the VPN client. You can secure the
247
User Manual