FVS338 ProSafe VPN Firewall 50 Reference Manual

information such as a username/password or some encrypted response using his username/ password information. The gateway will try and verify this information first against a local User Database (if RADIUS-PAP is enabled) and then by relaying the information to a central authentication server such as a RADIUS server.

To configure the Primary RADIUS Server:

1.Select VPN from the main menu, Client tab. The RADIUS Client

VPN Client from the submenu and then select the RADIUS screen will display.

2.Enable the Primary RADIUS server by checking the Yes radio box.

3.Enter the Primary RADIUS Server IP address.

4.Enter a Secret Phrase. Transactions between the client and the RADIUS server are authenticated using a shared secret phrase, so the same Secret Phrase must be configured on both client and server.

5.Enter the Primary Server NAS Identifier (Network Access Server). This Identifier MUST be present in a RADIUS request. Ensure that NAS Identifier is configured as the same on both client and server.

The FVS338 is acting as a NAS (Network Access Server), allowing network access to external users after verifying their authentication information. In a RADIUS transaction, the NAS must provide some NAS Identifier information to the RADIUS Server. Depending on the configuration of the RADIUS Server, the router's IP address may be sufficient as an identifier, or the Server may require a name, which you would enter here. This name would also be configured on the RADIUS Server, although in some cases it should be left blank on the RADIUS Server.

6.Enable a Backup RADIUS Server (if required) by following steps 2 through 5.

7.Set the Time Out Period, in seconds, that the router should wait for a response from the RADIUS server.

8.Set the Maximum Retry Count. This is the number of tries the router will make to the RADIUS server before giving up.

9.Click Reset to cancel any changes and revert to the previous settings.

10.Click Apply to save the settings.

Note: The Authentication Protocol, usually PAP or CHAP, is configured in the XAUTH section of the VPN Client screen.

5-24

Virtual Private Networking

v1.0, March 2008

Page 118
Image 118
NETGEAR FVS338 manual Enter the Primary Radius Server IP address