fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Auto Key phase 1 parameters Using XAuth authentication<br />
5 The Server Type setting determines the type of encryption method to use between the<br />
XAuth client, the FortiGate unit and the authentication server. Select one of the<br />
following options:<br />
PAP—Password Authentication Protocol.<br />
CHAP— Challenge-Handshake Authentication Protocol.<br />
AUTO—Use PAP between the XAuth client and the FortiGate unit, and CHAP<br />
between the FortiGate unit and the authentication server.<br />
6 From the User Group list, select the user group that needs to access the private<br />
network behind the FortiGate unit. The group must be added to the FortiGate<br />
configuration before it can be selected here.<br />
7 Select OK.<br />
Using the FortiGate unit as an XAuth client<br />
If the FortiGate unit acts as a dialup client, the remote peer, acting as an XAuth server,<br />
might require a user name and password. You can configure the FortiGate unit as an<br />
XAuth client, with its own user name and password, which it provides when challenged.<br />
To configure the FortiGate dialup client as an XAuth client<br />
1 At the FortiGate dialup client, go to VPN > IPsec > Auto Key (IKE).<br />
2 In the list, select a phase 1 configuration and select Edit.<br />
3 Select Advanced.<br />
4 Under XAuth, select Enable as Client.<br />
5 In the Username field, type the FortiGate PAP, CHAP, RADIUS, or LDAP user name<br />
that the FortiGate XAuth server will compare to its records when the FortiGate XAuth<br />
client attempts to connect.<br />
6 In the Password field, type the password to associate with the user name.<br />
7 Select OK.<br />
FortiOS Handbook v3: IPsec VPNs<br />
01-434-112804-20120111 55<br />
http://docs.fortinet.com/