Configuring xauth authentication – Fortinet FortiGate v3.0 MR7 User Manual
Page 58
FortiOS v3.0 MR7 User Authentication User Guide
01-30007-0347-20080828
Configuring XAuth authentication
Extended Authentication (XAuth) increases security by requiring additional user
authentication in a separate exchange at the end of the VPN Phase 1 negotiation.
The FortiGate unit challenges the user for a user name and password. It then
forwards the user credentials to an external RADIUS or LDAP server for
verification.
XAuth can be used in addition to or in place of IPSec Phase 1 peer options to
provide access security through an LDAP or RADIUS authentication server. You
must configure dialup users as members of a user group whose members are
externally authenticated. None of these users can have a password stored on the
FortiGate unit.
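The rule above, that no member of the XAuth user group may have a password stored on the FortiGate unit, can be checked against a configuration backup. The following Python code is an added example, not part of the Fortinet manual. Assumptions: the sample configuration is constructed, the `config user local` / `config user group` layout and the names in it are illustrative, and a group member that has no `config user local` entry is treated as a server object; verify all of these against your own unit's output.

```python
import shlex

# Constructed sample in the style of a FortiGate CLI backup (assumed layout, not from the manual).
SAMPLE_CONFIG = '''\
config user local
    edit "alice"
        set type radius
    next
    edit "bob"
        set type password
    next
end
config user group
    edit "dialup_xauth"
        set member "alice" "bob" "corp_radius"
    next
end
'''

def parse_sections(text):
    """Return {section: {entry: {key: [values]}}} for flat (non-nested) config blocks."""
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
            sections.setdefault(section, {})
        elif line.startswith("edit ") and section is not None:
            entry = line[len("edit "):].strip().strip('"')
            sections[section][entry] = {}
        elif line.startswith("set ") and entry is not None:
            parts = shlex.split(line[len("set "):])  # handles quoted names
            sections[section][entry][parts[0]] = parts[1:]
        elif line == "next":
            entry = None
        elif line == "end":
            section, entry = None, None
    return sections

def locally_stored_members(text, group):
    """Members of `group` whose password is verified on the unit itself."""
    cfg = parse_sections(text)
    members = cfg.get("user group", {}).get(group, {}).get("member", [])
    local = cfg.get("user local", {})
    # Assumption: names absent from "user local" are RADIUS/LDAP server objects.
    return [m for m in members if local.get(m, {}).get("type") == ["password"]]

if __name__ == "__main__":
    print(locally_stored_members(SAMPLE_CONFIG, "dialup_xauth"))
```

An empty result means every member of the group is verified by an external server; any name returned needs to be changed to an externally authenticated user or removed from the group before the group is used for XAuth.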
To configure authentication for a dialup IPSec VPN - web-based manager
1. Configure the users who are permitted to use this VPN. Create a user group and
   add them to it. For more information, see “Users/peers and user groups” on page 33.
2. Go to VPN > IPSec > Auto Key (IKE), and enter the following information:
Figure 29: IPSec configuration for dialup users