NETGEAR UTM5EW-100NAS Router User Manual


 
Virtual Private Networking Using IPSec, PPTP, or L2TP Connections
308
ProSecure Unified Threat Management (UTM) Appliance
To edit a VPN policy:
1. Select VPN > IPSec VPN > VPN Policies. The VPN Policies screen displays (see
Figure 181 on page 301).
2. In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that
you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields as
the Add VPN Policy screen (see Figure 182 on page 303).
3. Modify the settings that you wish to change (see the previous table).
4. Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN
Policies table.
Configure Extended Authentication (XAUTH)
Configure XAUTH for VPN Clients
User Database Configuration
RADIUS Client and Server Configuration
When many VPN clients connect to a UTM, you might want to use a unique user
authentication method beyond relying on a single common pre-shared key for all clients.
Although you could configure a unique VPN policy for each user, it is more efficient to
authenticate users from a stored list of user accounts. XAUTH provides the mechanism for
requesting individual authentication information from the user. A local user database or an
external authentication server, such as a RADIUS server, provides a method for storing the
authentication information centrally in the local network.
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH
are available:
Edge Device. The UTM is used as a VPN concentrator on which one or more gateway
tunnels terminate. You need to specify the authentication type that should be used during
verification of the credentials of the remote VPN gateways: the user database,
RADIUS-PAP, or RADIUS-CHAP.
IPSec Host. Authentication by the remote gateway through a user name and password
that are associated with the IKE policy. The user name and password that are used to
authenticate the UTM need to be specified on the remote gateway.
Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first
checks the local user database for the user credentials. If the user
account is not present, the UTM then connects to a RADIUS server.