D-Link DFL-2500 User Guide - Page 241
222 Chapter 22. VPN Protocols & Tunnels

identities (IDs), where each identity corresponds to the subject field in an X.509 certificate. Identification lists can thus be used to regulate which X.509 certificates are given access to which IPSec connections.

LDAP

LDAP, short for Lightweight Directory Access Protocol, is a set of protocols for accessing and downloading information directories. LDAP supports TCP/IP, which is necessary for any type of Internet access. It is used by various applications running on different computer platforms to obtain information from an LDAP server, such as downloading the certificate and CRL registry. The LDAP server maintains the Certification Authority certificate, the Certificate Revocation List (CRL), and the end users' certificates. The address of the LDAP server can be configured at each VPN endpoint.

IKE XAuth

IKE Extended Authentication (XAuth) is an extended feature that enhances standard IKE authentication. XAuth does not replace IKE; it occurs after IKE negotiation phase-1, but before IKE IPSec SA negotiation phase-2. Before XAuth, IKE only supported authentication of the device, not authentication of the user who is using the device. With XAuth, IKE can now authenticate the users after the device has been authenticated during phase-1 negotiation. If enabled, a combination of username and password will be requested for the add-on user authentication.

D-Link Firewalls User's Guide
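The identification lists described at the top of this page map certificate subjects to IPSec connections. The following is an added example, not code from the D-Link guide or firmware, showing one way such a per-connection check can be expressed. The connection names, subjects, and matching rules (whole-subject, ordered, case-insensitive comparison) are assumptions, and the certificate is presumed to have already been validated against the CA certificate and CRL.

```python
import re

# Constructed sample data: one identification list per IPsec connection.
# Each entry is a full certificate subject in "TYPE=value, ..." string form.
ID_LISTS = {
    "branch-tunnel": [
        "CN=gw-branch1, O=Example Corp, C=SE",
        "CN=gw-branch2, O=Example Corp, C=SE",
    ],
    "roaming-users": ["CN=alice, OU=Sales, O=Example Corp, C=SE"],
}


def parse_dn(dn):
    """Turn a subject string into an ordered tuple of normalised (type, value) pairs.

    Simplified parser (assumption): handles "\\," escapes only, not
    multi-valued RDNs ("+") or hex-encoded values.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on commas not preceded by "\"
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        value = value.strip().replace("\\,", ",")
        # Collapse whitespace and ignore case so cosmetic differences still match.
        pairs.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(pairs)


def is_allowed(connection, cert_subject, id_lists=ID_LISTS):
    """Return True only if the whole subject is on the connection's ID list."""
    try:
        subject = parse_dn(cert_subject)
    except ValueError:
        return False  # fail closed on a subject that cannot be parsed
    # Unknown connection -> empty list -> deny. Whole-tuple equality avoids the
    # substring pitfall where "CN=gw-branch1" would also match "CN=gw-branch10".
    return any(parse_dn(entry) == subject for entry in id_lists.get(connection, []))
```

A certificate that is valid under the CA but absent from a connection's list is still refused for that connection, which is the access-regulating role the text gives identification lists.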