Netgear UTM9S – ProSECURE Unified Threat Management (UTM) Appliance with DSL and Wireless modules Reference Manual
Virtual Private Networking Using IPSec Connections
ProSecure Unified Threat Management (UTM) Appliance
2. In the List of VPN Policies table, click the Edit table button to the right of the VPN policy that
you want to edit. The Edit VPN Policy screen displays. This screen shows the same fields
as the Add VPN Policy screen (see
3. Modify the settings that you wish to change (see the previous table).
4. Click Apply to save your changes. The modified VPN policy is displayed in the List of VPN
Policies table.
Configure Extended Authentication (XAUTH)
When many VPN clients connect to a UTM, you might want to use a unique user
authentication method beyond relying on a single common pre-shared key for all clients.
Although you could configure a unique VPN policy for each user, it is more efficient to
authenticate users from a stored list of user accounts. XAUTH provides the mechanism for
requesting individual authentication information from the user. A local user database or an
external authentication server, such as a RADIUS server, provides a method for storing the
authentication information centrally in the local network.
You can enable XAUTH when you manually add or edit an IKE policy. Two types of XAUTH
are available:
• Edge Device. The UTM is used as a VPN concentrator on which one or more gateway
tunnels terminate. You need to specify the authentication type that should be used during
verification of the credentials of the remote VPN gateways: the user database,
RADIUS-PAP, or RADIUS-CHAP.
• IPSec Host. Authentication by the remote gateway through a user name and password
that are associated with the IKE policy. The user name and password that are used to
authenticate the UTM need to be specified on the remote gateway.
Note: If a RADIUS-PAP server is enabled for authentication, XAUTH first
checks the local user database for the user credentials. If the user
account is not present, the UTM then connects to a RADIUS server.
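The RADIUS-PAP and RADIUS-CHAP authentication types listed above differ in what reaches the RADIUS server. The following added example (not from the NETGEAR manual or the UTM firmware) goes beyond the manual and implements the standard RFC 2865 User-Password hiding and the RFC 1994 CHAP response; all secrets, passwords and challenge values are constructed.

```python
import hashlib
import hmac


def _keystream(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865: each 16-byte pad is MD5(shared secret || previous block).
    return hashlib.md5(secret + prev).digest()


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS-PAP: hide the password by XOR with an MD5-derived keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = _keystream(secret, prev)
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out


def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side of PAP: the shared secret alone reverses the hiding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RADIUS-CHAP: MD5(identifier || password || challenge), one-way."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_verify(chap_id: int, response: bytes, challenge: bytes,
                stored_password: bytes) -> bool:
    """Server side of CHAP: must know the cleartext password to recompute."""
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret, ra = b"constructed-secret", bytes(16)  # constructed sample values
    hidden = pap_hide(b"constructed-pw", secret, ra)
    print("PAP attribute:", hidden.hex(), "->", pap_recover(hidden, secret, ra))
    resp = chap_response(1, b"constructed-pw", ra)
    print("CHAP response:", resp.hex(), chap_verify(1, resp, ra, b"constructed-pw"))
```

With PAP, the RADIUS server and anyone holding the shared secret can recover the user's password, so the strength of that secret matters. With CHAP the password is never sent, but the server must store it in recoverable form to verify the response.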
Configure XAUTH for VPN Clients
Once the XAUTH has been enabled, you need to establish user accounts in the user
database to be authenticated against XAUTH, or you need to enable a RADIUS-CHAP or
RADIUS-PAP server.
Note: You cannot modify an existing IKE policy to add XAUTH while the
IKE policy is in use by a VPN policy. The VPN policy needs to be
disabled before you can modify the IKE policy.