ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
Virtual Private Networking Using IPsec Connections
7-29
v1.0, September 2009
4.
Click
Apply
to save your settings. The IKE policy is added to the List of IKE Policies table.
To edit an IKE policy:
1.
Select
VPN
>
IPSec VPN
from the menu. The IPsec VPN submenu tabs appear with the IKE
Policies screen in view (see
Figure 7-20 on page 7-23
).
2.
In the List of IKE Policies table, click the
edit
table button to the right of the IKE policy that
you want to edit. The Edit IKE Policy screen displays. This screen shows the same field as the
Add IKE Policy screen (see
Figure 7-21 on page 7-25
).
3.
Modify the settings that you wish to change (see
Table 7-10
).
Extended Authentication
XAUTH Configuration
Note
: For more
information about
XAUTH and its
authentication modes,
see
“Configuring XAUTH
for VPN Clients” on
page 7-38
.
Select one of the following radio buttons to specify whether or not Extended
Authentication (XAUTH) is enabled, and–if enabled–which device is used to
verify user account information:
•
None
. XAUTH is disabled. This the default setting.
•
Edge Device
. The UTM functions as a VPN concentrator on which one or
more gateway tunnels terminate. The authentication mode that is available
for this configuration is User Database, RADIUS PAP, or RADIUS CHAP.
•
IPSec Host
. The UTM functions as a VPN client of the remote gateway. In
this configuration the UTM is authenticated by a remote gateway with a
user name and password combination.
Authentication
Type
For an Edge Device configuration: from the pull-down
menu, select one of the following authentication types:
•
User Database
. XAUTH occurs through the UTM’s user
database. Users must be added through the Add User
screen (see
“User Database Configuration” on
page 7-39
).
•
Radius PAP
. XAUTH occurs through RADIUS
Password Authentication Protocol (PAP). The local user
database is first checked. If the user account is not
present in the local user database, the UTM25 connects
to a RADIUS server. For more information, see
“RADIUS Client Configuration” on page 7-39
.
•
Radius CHAP
. XAUTH occurs through RADIUS
Challenge Handshake Authentication Protocol (CHAP).
For more information, see
“RADIUS Client
Configuration” on page 7-39
.
Username
The user name for XAUTH.
Password
The password for XAUTH.
Table 7-10. Add IKE Policy Settings (continued)
Item
Description (or Subfield and Description)