The application of the XAUTH protocol is set up separately for each VPN remote site. Only the XAUTH operating mode is specified.
LANconfig:
CLI:
- XAUTH Enables the use of XAUTH for the VPN remote site selected.
Possible values:
- Client
- In the XAUTH client operating mode, the device starts the initial phase of IKE negotiation (Main mode or Aggressive mode) and then waits for the authentication request from the XAUTH server. The XAUTH client responds to this request with the user name and password from the PPP table entry in which the PPP remote site corresponds to the VPN remote site defined here. There must therefore be a PPP remote site of the same name for the VPN remote site. The user name defined in the PPP table normally differs from the remote site name.
- Server
- In the XAUTH server operating mode, the device (after successful negotiation of the initial IKE negotiation) starts authentication with a request to the XAUTH client, which then responds with its user name and password. The XAUTH server searches for the user name in the PPP table and, if a match is found, it checks the password. The user name for this entry in the PPP table is not used.
- Off (Default)
- No XAUTH authentication is performed for the connection to this remote site.
Important: If XAUTH authentication is enabled for a VPN remote site, the IKE-CFG option must be set to the same value.