Netgear UTM25EW-100NAS ユーザーズマニュアル

7-38

Virtual Private Networking Using IPsec Connections

You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH are 
available:

•

Edge Device. The UTM is used as a VPN concentrator on which one or more gateway tunnels 
terminate. You must specify the authentication type that must be used during verification of 
the credentials of the remote VPN gateways: User Database, RADIUS-PAP, or RADIUS-
CHAP.

•

IPsec Host. Authentication by the remote gateway through a user name and password that are 
associated with the IKE policy. The user name and password that are used to authenticate the 
UTM must be specified on the remote gateway.

Once the XAUTH has been enabled, you must establish user accounts on the User Database to be 
authenticated against XAUTH, or you must enable a RADIUS-CHAP or RADIUS-PAP server.

To enable and configure XAUTH:

1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear with the IKE 

Policies screen in view (see 

).

2. In the List of IKE Policies table, click the edit table button to the right of the IKE policy for 

which you want to enable and configure XAUTH. The Edit IKE Policy screen displays. This 
screen shows the same field as the Add IKE Policy screen (see 

).

3. Locate the Extended Authentication section on the screen.

Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first checks the 

local user database for the user credentials. If the user account is not present, the 
UTM then connects to a RADIUS server.

Note: You cannot modify an existing IKE policy to add XAUTH while the IKE policy is 

in use by a VPN policy. The VPN policy must be disabled before you can modify 
the IKE policy.