Quick Reference Guide
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Virtual Private Networking Using IPsec 6-35
v1.0, January 2010
3. You can add XAUTH to an existing IKE policy by clicking edit adjacent to the policy to be
modified, or you can create a new IKE policy incorporating XAUTH by clicking add.
4. In the Extended Authentication section, check the Edge Device radio box to use this VPN
firewall as a VPN concentrator where one or more gateway tunnels terminate. You then must
specify the authentication type to be used in verifying credentials of the remote VPN
gateways. (Either the User Database or RADIUS Client must be configured when XAUTH is
enabled.)
5. In the Extended Authentication section, choose from the pull-down menu the Authentication
Type that will be used to verify user account information. Select:
   • Edge Device to use this VPN firewall as a VPN concentrator where one or more gateway
     tunnels terminate. When this option is chosen, you will need to specify the authentication
     type to be used in verifying credentials of the remote VPN gateways:
      – User Database to verify against the VPN firewall’s user database. Users must be
        added through the User Database screen (see “User Database Configuration” on
        page 6-35).
      – RADIUS–CHAP or RADIUS–PAP (depending on the authentication mode accepted
        by the RADIUS server) to add a RADIUS server. If RADIUS–PAP is selected, the
        VPN firewall will first check in the user database to see if the user credentials are
        available. If the user account is not present, the VPN firewall will then connect to the
        RADIUS server (see “RADIUS Client Configuration” on page 6-35).
   • IPsec Host if you want to be authenticated by the remote gateway. In the adjacent
     Username and Password fields, type the user name and password
     associated with the IKE policy for authenticating this gateway (by the remote gateway).
6. Click Apply to save your settings.
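What the RADIUS–PAP and RADIUS–CHAP choices in step 5 mean for the password between the VPN firewall and the RADIUS server, as an added Python example that is not from this manual or the firewall's firmware. It follows RFC 2865 sections 5.2 and 5.3; the shared secret, password, authenticator and challenge values are constructed.

```python
import hashlib
import hmac

def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RADIUS-PAP User-Password hiding (RFC 2865 section 5.2)."""
    if not 0 < len(password) <= 128 or len(request_auth) != 16:
        raise ValueError("password must be 1..128 octets, authenticator 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()      # keystream block
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev                                  # chained into next block
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the RADIUS server, or anyone holding the shared secret, recovers."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return clear.rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RADIUS-CHAP response: MD5(CHAP ID + password + challenge), RFC 2865 5.3."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def chap_verify(chap_id: int, response: bytes, challenge: bytes, stored_pw: bytes) -> bool:
    """Server side: it must hold the cleartext password to recompute the digest."""
    return hmac.compare_digest(response, chap_response(chap_id, stored_pw, challenge))

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
PASSWORD = b"constructed-pw"
REQUEST_AUTH = bytes(range(16))
CHALLENGE = bytes(range(16, 32))

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, REQUEST_AUTH)
    # PAP: the password travels reversibly hidden; the shared secret is the only protection.
    print("PAP attribute :", hidden.hex())
    print("PAP recovered :", pap_reveal(hidden, SECRET, REQUEST_AUTH))
    # CHAP: only a digest travels, but the server needs the cleartext to verify it.
    resp = chap_response(7, PASSWORD, CHALLENGE)
    print("CHAP response :", resp.hex(), chap_verify(7, resp, CHALLENGE, PASSWORD))
```
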
User Database Configuration
When XAUTH is enabled as an Edge Device, users must be authenticated either by a local User
Database account or by an external RADIUS server. Whether or not you use a RADIUS server,
you may want some users to be authenticated locally. These users must be added to the List of
Users table, as described in “Creating a New User Account” on page 8-6.
RADIUS Client Configuration
RADIUS (Remote Authentication Dial In User Service, RFC 2865) is a protocol for managing
Authentication, Authorization, and Accounting (AAA) of multiple users in a network. A RADIUS
server will store a database of user information, and can validate a user at the request of a gateway










