Configuring authenticated access
VPN authentication
FortiGate User Authentication Version 1 Guide
01-28007-0233-20050825
25
7
Under Server Type: select PAP, CHAP or Mixed.
Use CHAP whenever possible. Use PAP with all implementations of LDAP and
with other authentication servers that do not support CHAP, including some
implementations of Microsoft RADIUS. Use MIXED with the Fortinet Remote VPN
Client and where the authentication server supports CHAP but the XAuth client
does not.
8
Select the user group that is to have access to this VPN.
The list of user groups does not include any group that has members whose
password is stored on the FortiGate unit.
9
Configure other VPN gateway parameters as needed.
10
Select OK.
For more information about XAUTH configuration, see “Enabling XAUTH on the
FortiGate unit” in the
FortiGate VPN Guide
.
To configure authentication for a dialup IPSec VPN - CLI
config vpn ipsec phase1
edit <gateway_name>
set peertype dialup
set xauthtype pap
set authusrgrp <user_group_name>
end
Parameters specific to setting up the VPN itself are not shown here. For detailed
information about configuring an IPSec VPN, see “Configuring IPSec VPNs” in the
FortiGate VPN Guide
.