Netgear FVS336G-100NAS Reference Manual - Page 113
Extended Authentication (XAUTH) Configuration, Edge Device.
View all Netgear FVS336G-100NAS manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 113 highlights
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual a. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio button. b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and choose the DiffieHellman Group 2 from the PFS Key Group pull-down menu. c. Enable Replay Detection should be checked. 4. Click on Authentication (Phase 1) on the left-side of the menu and choose Proposal 1. Enter the Authentication values to match those in the VPN firewall ModeConfig Record menu. 5. Click on Key Exchange (Phase 2) on the left-side of the menu and choose Proposal 1. Enter the values to match your configuration of the VPN firewall ModeConfig Record menu. (The SA Lifetime can be longer, such as 8 hours [28800 seconds] 6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client. To test the connection: 1. Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection policy you configured will appear; in this case "My Connections\modecfg_test". 2. Click on the connection. Within 30 seconds the message "Successfully connected to MyConnections/modecfg_test is displayed and the VPN client icon in the toolbar will read "On". 3. From the client PC, ping a computer on the VPN firewall LAN. Extended Authentication (XAUTH) Configuration When connecting many VPN clients to a VPN firewall, an administrator may want a unique user authentication method beyond relying on a single common preshared key for all clients. Although the administrator could configure a unique VPN policy for each user, it is more convenient for the VPN firewall to authenticate users from a stored list of user accounts. XAUTH provides the mechanism for requesting individual authentication information from the user, and a local User Database or an external authentication server, such as a RADIUS server, provides a method for storing the authentication information centrally in the local network. XAUTH can be enabled when adding or editing an IKE Policy. Two types of XAUTH are available: • Edge Device. If this is selected, the VPN firewall is used as a VPN concentrator where one or more gateway tunnels terminate. If this option is chosen, you must specify the authentication type to be used in verifying credentials of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. Virtual Private Networking Using IPsec v1.0, October 2007 5-25