Netgear UTM10EW3-100NAS Reference Manual 3.0.1-124 - Page 309
Con XAUTH for VPN Clients, To enable and con XAUTH, VPN > IPSec VPN, Apply
View all Netgear UTM10EW3-100NAS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 309 highlights
ProSecure Unified Threat Management (UTM) Appliance Configure XAUTH for VPN Clients Once the XAUTH has been enabled, you need to establish user accounts in the user database to be authenticated against XAUTH, or you need to enable a RADIUS-CHAP or RADIUS-PAP server. Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is in use by a VPN policy. The VPN policy needs to be disabled before you can modify the IKE policy. To enable and configure XAUTH: 1. Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies screen in view (see Figure 179 on page 293). 2. In the List of IKE Policies table, click the Edit table button to the right of the IKE policy for which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This screen shows the same fields as the Add IKE Policy screen (see Figure 180 on page 295). 3. In the Extended Authentication section onscreen, complete the fields, select the radio buttons, and make your selections from the drop-down lists as explained in the following table: Table 75. Extended authentication settings Setting Description Select one of the following radio buttons to specify whether Extended Authentication (XAUTH) is enabled, and, if enabled, which device is used to verify user account information: • None. XAUTH is disabled. This the default setting. • Edge Device. The UTM functions as a VPN concentrator on which one or more gateway tunnels terminate. The authentication modes that are available for this configuration are User Database, RADIUS PAP, and RADIUS CHAP. • IPSec Host. The UTM functions as a VPN client of the remote gateway. In this configuration the, UTM is authenticated by a remote gateway with a user name and password combination. Authentication Type For an Edge Device configuration, from the drop-down list, select one of the following authentication types: • User Database. XAUTH occurs through the UTM's user database. You can add users on the Add User screen (see User Database Configuration on page 310). • Radius PAP. XAUTH occurs through RADIUS Password Authentication Protocol (PAP). The local user database is first checked. If the user account is not present in the local user database, the UTM connects to a RADIUS server. For more information, see RADIUS Client and Server Configuration on page 310. • Radius CHAP. XAUTH occurs through RADIUS Challenge Handshake Authentication Protocol (CHAP). For more information, see RADIUS Client and Server Configuration on page 310. Username Password The user name for XAUTH. The password for XAUTH. 4. Click Apply to save your settings. Virtual Private Networking Using IPSec, PPTP, or L2TP Connections 309