Configuring Xauth For Vpn Clients - NETGEAR DGFV338 ProSafe Reference Manual

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual
• Edge Device. If this is selected, the router is used as a VPN concentrator where one or more
gateway tunnels terminate. If this option is chosen, you must specify the authentication type to
be used in verifying credentials of the remote VPN gateways: User Database, RADIUS-PAP,
or RADIUS-CHAP.
Note: When XAUTH is enabled as an Edge Device, incoming VPN connections are
authenticated against the DGFV338 User Database first; if the user account is
not found, the DGFV338 will then connect to a RADIUS server. If IPSec Host
is enabled, users are authenticated by the remote gateway.
• IPSec Host. If you want authentication by the remote gateway, enter a User Name and
Password to be associated with this IKE policy. If this option is chosen, the remote gateway
must specify the user name and password used for authenticating this gateway.

Configuring XAUTH for VPN Clients

To use XAUTH, you must configure user accounts on the Local Database to be authenticated
against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is
in use by a VPN policy. The VPN policy must be disabled before you can modify
the IKE policy.
To enable and configure XAUTH:
1. Select VPN from the main menu and Policies from the submenu. The IKE Policies screen will
display.
2. Click the Edit button adjacent to the existing IKE Policy to be modified, or click Add to
create a new IKE Policy incorporating XAUTH. The Edit IKE Policy menu appears, as
shown in Figure 5-7 on page
3. Locate the Extended Authentication frame at the bottom of the Edit IKE Policy menu:
Figure 5-20
5-28
5-14.
v1.0, May 2008
Virtual Private Networking