ZyXEL 35 Betriebsanweisung
ZyWALL 35 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
228
Using xAuth for User Authentication
IKE Extended Authentication (Xauth) is a draft RFC developed by the Internet Engineering Task Force
(IETF) based on the Internet Key Exchange (IKE) protocol. The Xauth feature is an enhance to the
existing Internet Key Exchange (IKE) Protocol feature. Xauth allows authentication methods to perform
user authentication in a separate phase after the IKE authentication phase 1 exchange. The Xauth feature
is an extension to the IKE feature, and does not replace IKE authentication.
Before Xauth, IKE only supported authentication of the device, not authentication of the user using the
device. With Xauth, IKE can now authenticate the user using the device after the device has been
authenticated during normal IKE authentication.
Since remote users may use the same pre-shared key for device authentication, it may have some problem
once the key is compromised. Otherwise, an extra authentication would be more.