Netgear SRX5308 SRX5308 Reference Manual - Page 179
Configuring Extended Authentication (XAUTH), IPSec VPN, VPN Policies, Apply, Edge Device, IPsec Host
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 179 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual To edit a VPN policy: 1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs display, with the IKE Policies screen in view (see Figure 5-20 on page 5-22). 2. Click the VPN Policies submenu tab. The VPN Policies screen displays (see Figure 5-22 on page 5-30). 3. In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields as the Add New VPN Policy screen (see Figure 5-23 on page 5-32). 4. Modify the settings that you wish to change (see Table 5-12 on page 5-33). 5. Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN Policies table. Configuring Extended Authentication (XAUTH) When many VPN clients connect to a VPN firewall, you might want to use a unique user authentication method beyond relying on a single common pre-shared key for all clients. Although you could configure a unique VPN policy for each user, it is more efficient to authenticate users from a stored list of user accounts. XAUTH provides the mechanism for requesting individual authentication information from the user, and a local user database or an external authentication server, such as a RADIUS server, provides a method for storing the authentication information centrally in the local network. You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are available: • Edge Device. The VPN firewall is used as a VPN concentrator on which one or more gateway tunnels terminate. You must specify the authentication type that must be used during verification of the credentials of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-CHAP. • IPsec Host. Authentication by the remote gateway through a user name and password that are associated with the IKE policy. The user name and password that are used to authenticate the VPN firewall must be specified on the remote gateway. Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first checks the local user database for the user credentials. If the user account is not present, the VPN firewall then connects to a RADIUS server. Virtual Private Networking Using IPsec Connections v1.0, April 2010 5-37