Netgear FVS318N – Prosafe Wireless N VPN Firewall Reference Manual

Manage Users, Authentication, and VPN Certificates
 ProSAFE Wireless-N 8-Port Gigabit VPN Firewall FVS318N
The Wireless VPN Firewall’s Authentication Process and Options
Users are assigned to a group, and a group is assigned to a domain. Therefore, you should 
first create any domains, then groups, then user accounts.
Note: Do not confuse the authentication groups with the LAN groups that are described in 68.
You need to create name and password accounts for all users who need to be able to 
connect to the wireless VPN firewall. This includes administrators, guests, and SSL VPN 
clients. Accounts for IPSec VPN clients are required only if you have enabled extended 
authentication (XAUTH) in your IPSec VPN configuration.
Users connecting to the wireless VPN firewall need to be authenticated before being allowed 
to access the wireless VPN firewall or the VPN-protected network. The login screen that is 
presented to the user requires three items: a user name, a password, and a domain 
selection. The domain determines the authentication method that is used and, for SSL 
connections, the portal layout that is presented. 
Note: IPSec VPN and L2TP users do not belong to a domain and are not assigned to a group.
Except in the case of IPSec VPN users, when you create a user account, you need to specify 
a group. When you create a group, you need to specify a domain.
The following table summarizes the external authentication protocols and methods that the 
wireless VPN firewall supports.
Table 71. External authentication protocols and methods

| Authentication Protocol or Method | Description |
| --- | --- |
| PAP | Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text. |
| CHAP | Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other’s challenge message that is calculated using a shared secret value. |
| RADIUS | A network-validated PAP or CHAP password-based authentication method that functions with Remote Authentication Dial In User Service (RADIUS). |
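
How the PAP and CHAP rows differ on the wire, as an added example (not taken from the Netgear manual or firmware): one direction of a CHAP exchange using the MD5 response defined in RFC 1994, next to a PAP check. The secret value and the names `Authenticator`, `chap_response`, `pap_verify` and `demo` are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues fresh challenges; each one accepts a single response."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = {}   # identifier -> outstanding challenge
        self._next_id = 0

    def new_challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256   # identifier is one octet
        self._pending[identifier] = os.urandom(16)
        return identifier, self._pending[identifier]

    def verify(self, identifier: int, response: bytes) -> bool:
        challenge = self._pending.pop(identifier, None)   # consume: no reuse
        if challenge is None:
            return False
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)


def pap_verify(stored: bytes, sent: bytes) -> bool:
    """PAP: the value on the wire is the password itself."""
    return hmac.compare_digest(stored, sent)


def demo():
    secret = b"constructed-shared-secret"   # constructed sample value
    server = Authenticator(secret)
    ident, challenge = server.new_challenge()
    observed = chap_response(ident, secret, challenge)   # what crosses the link
    first_login = server.verify(ident, observed)
    ident2, _ = server.new_challenge()
    chap_replay = server.verify(ident2, observed)   # old hash, new challenge
    pap_replay = pap_verify(secret, secret)   # observed PAP value stays valid
    return first_login, chap_replay, pap_replay


if __name__ == "__main__":
    print(demo())
```

The repeated CHAP response fails because the hash is bound to a challenge the server has already consumed, while the PAP value remains valid for every later login until the password changes.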