user manual
Internet Key Exchange for VPNs 6-7
• VPN concentrator – This configures Xauth to expect to receive authentication credentials, and to pos-
sibly serve VPN IP parameters.
When Xauth is set to VPN concentrator, you can configure the IPSec profile to allow the Router to
respond when the remote client requests an internal IP address:
Remote Members: If the Remote Members is a single address within the Local Members range, then
the Router will respond with that address to incoming address requests from Xauth clients. For exam-
ple a Local Range of 192.168.1.1/24, and a Remote Range of 192.168.1.99/32 allows the response
192.168.1.99, when an internal address is requested.
Since the Local Range is not required to be of type “subnet,” and the Router might need to respond
with an internal subnet mask, the subnet mask is set to an even multiple of 8 bits based on the num-
ber of addresses in the local range. See “
Multiple Network IPsec” on page 6-17.
• From the Xauth Recipient Auth. Check pop-up menu, select the database to be used for authentication:
• Local – If you choose this option, the Gateway will use the locally configured username and password,
for both concentrator and client modes.
• RADIUS - If you choose this option, the Gateway will use the globally configured RADIUS server when
acting in concentrator mode.
• Enter an Xauth Local Username, the locally configured username to be sent in client mode. This is
used to check received authentication credentials when not checking them with RADIUS.
• Enter an Xauth Local Password, the locally configured password to be sent in client mode. This is
used to check received authentication credentials when not checking them with RADIUS.
Advanced IKE Phase 1 Options
• If you select Advanced IKE Phase 1 Options the Advanced IKE Phase 1 Options screen appears.