ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
Virtual Private Networking Using IPsec Connections
7-39
v1.0, September 2009
4.
Complete the fields, select the radio buttons, and make your selections from the pull-down
menus as explained
Table 7-13
.
5.
Click
Apply
to save your settings.
User Database Configuration
When XAUTH is enabled in an Edge Device configuration, users must be authenticated either by a
local user database account or by an external RADIUS server. Whether or not you use a RADIUS
server, you might want some users to be authenticated locally. These users must be added to the
List of Users table on the Users screen, as described in
“Configuring User Accounts” on page 9-9
.
RADIUS Client Configuration
Remote Authentication Dial In User Service (RADIUS, RFC 2865) is a protocol for managing
authentication, authorization, and accounting (AAA) of multiple users in a network. A RADIUS
server stores a database of user information, and can validate a user at the request of a gateway or
Table 7-13.
Extended Authentication
Settings
Item
Description (or Subfield and Description)
Select one of the following radio buttons to specify whether or not Extended Authentication (XAUTH) is
enabled, and–if enabled–which device is used to verify user account information:
•
None
. XAUTH is disabled. This the default setting.
•
Edge Device
. The UTM functions as a VPN concentrator on which one or more gateway tunnels
terminate. The authentication mode that is available for this configuration is User Database, RADIUS
PAP, or RADIUS CHAP.
•
IPSec Host
. The UTM functions as a VPN client of the remote gateway. In this configuration the UTM
is authenticated by a remote gateway with a user name and password combination.
Authentication
Type
For an Edge Device configuration: from the pull-down menu, select one of the
following authentication types:
•
User Database
. XAUTH occurs through the UTM’s user database. Users must be
added through the Add User screen (see
“User Database Configuration” on
page 7-39
).
•
Radius PAP
. XAUTH occurs through RADIUS Password Authentication Protocol
(PAP). The local user database is first checked. If the user account is not present
in the local user database, the UTM25 connects to a RADIUS server. For more
information, see
“RADIUS Client Configuration” on page 7-39
.
•
Radius CHAP
. XAUTH occurs through RADIUS Challenge Handshake
Authentication Protocol (CHAP). For more information, see
“RADIUS Client
Configuration” on page 7-39
.
Username
The user name for XAUTH.
Password
The password for XAUTH.