Configuring An Xauth Server - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Virtual Private Networks
Configuring a VPN Using IPSec
N o t e
8-50

Configuring an Xauth Server

Complete the following steps:
1. Configure an authentication, authorization, and accounting (AAA) list to
inform the Xauth server which database to search for usernames and
passwords.
2. Enable the Xauth server in an IKE policy.
If you have not already done so, you will also need to configure the local
username database or RADIUS server group.
Configuring a Username Database. If Xauth will use the router's local
database to authenticate users, you should make sure that entries for all
authorized users have been added to the database. You can check the list of
usernames and passwords by viewing the running-config.
ProCurve# show running-config
!
username administrator password procurve
username juan password mypassword
username sara password mysecret
!
Figure 8-8. Viewing Passwords in the Local Username Database
If necessary, add entries to the local database from the global configuration
mode context:
Syntax: username <username> password <password>
For example:
ProCurve(config)# username rodriguez password procurve
The router also uses the local database list to permit access to the router. If
the users you are entering for Xauth do not have authority to access or
configure the router, you should configure a RADIUS or TACACS+ server
for Xauth.
Configuring RADIUS and TACACS+. If Xauth will be using a RADIUS or
TACACS+ server database, you must enable the router to contact the server.