ProSafe VPN Firewall 200 FVX538 Reference Manual
•CA Identify – The official name of the CA which issued this CRL.
•Last Update – The date when this CRL was released.
•Next Update – The date when the next CRL will be released.
To upload a Certificate Identify to the CRL:
1.From the main menu under VPN, select Certificates. The Certificates screen will display showing the CRL (Certificate Revocation List) table at the bottom of the screen.
2.Click Browse, and then locate the file you previously downloaded from a CA.
3.Select the Certificate Identify file. The name will appear in the “File to upload” field. Click
Upload.
Click Back to return to the CRL list. The new Certificate Identify will appear in the CRL Table. If you have a previous CA Identity from the same CA, it should now be deleted.
Figure
Extended Authentication (XAUTH) Configuration
When connecting many VPN clients to a VPN gateway router, an administrator may want a unique user authentication method beyond relying on a single common preshared key for all clients. Although the administrator could configure a unique VPN policy for each user, it is more convenient for the VPN gateway router to authenticate users from a stored list of user accounts. XAUTH provides the mechanism for requesting individual authentication information from the user, and a local User Database or an external authentication server, such as a RADIUS server, provides a method for storing the authentication information centrally in the local network.
XAUTH is enabled when adding or editing an IKE Policy. Two types of XAUTH are available:
•Edge Device. If this is selected, the router is used as a VPN concentrator where one or more gateway tunnels terminate. If this option is chosen, you must specify the authentication type to be used in verifying credentials of the remote VPN gateways: User Database,
Virtual Private Networking |
v1.0, August 2006