Enabling Xauth - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Using the Web Browser Interface for Advanced Configuration Tasks

Enabling Xauth

Xauth allows IKE to request authentication information from remote users in
between establishing the IKE SA and the IPSec SA. (This authentication
information is different from the authentication method configured for IKE
phase 1; it is individual to each user.) Xauth is typically used for increased
security in client-to-site VPNs. Indeed, the VPN wizard will automatically
prompt you to enable Xauth when you select mobile peers, as discussed in
"Extended Authentication (Client-to-site VPN only)" on page 14-63.
You can also use Xauth in a site-to-site VPN. Some gateway devices, including
ProCurve Secure Routers, can act as Xauth hosts, which allows the local
router to request authentication from remote gateway device itself.
Figure 14-65. Enabling AAA from the Passwords Window
To enable Xauth:
1. Select Passwords under System in the left navigation bar.
2. In the Service Authentication window, click the AAA Mode Enabled box.
3. If the router will use its local database to authenticate the remote VPN
peers, then you should check this list in the Add/Modify/Delete Users
window above.
Setting Up Virtual Private Networks
14-89