ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual

You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are available:

Edge Device. The UTM is used as a VPN concentrator on which one or more gateway tunnels terminate. You must specify the authentication type that must be used during verification of the credentials of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS- CHAP.

IPsec Host. Authentication by the remote gateway through a user name and password that are associated with the IKE policy. The user name and password that are used to authenticate the UTM must be specified on the remote gateway.

Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first checks the local user database for the user credentials. If the user account is not present, the UTM then connects to a RADIUS server.

Configuring XAUTH for VPN Clients

Once the XAUTH has been enabled, you must establish user accounts on the User Database to be authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.

Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is in use by a VPN policy. The VPN policy must be disabled before you can modify the IKE policy.

To enable and configure XAUTH:

1.Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear with the IKE Policies screen in view (see Figure 7-20 on page 7-23).

2.In the List of IKE Policies table, click the edit table button to the right of the IKE policy for which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This screen shows the same field as the Add IKE Policy screen (see Figure 7-21 on page 7-25).

3.Locate the Extended Authentication section on the screen.

7-38

Virtual Private Networking Using IPsec Connections

v1.0, September 2009

Page 248
Image 248
NETGEAR UTM25EW-100NAS, UTM25-100NAS, UTM10EW-100NAS manual Configuring Xauth for VPN Clients