In the AutoKey Internet Key Exchange (IKE) gateway configuration, you can choose to have the security device perform XAuth authentication using default XAuth settings. (See AutoKey IKE Gateway Advanced Configuration.)
Enter the necessary information:
Reserve Private IP for XAuth User: Enter the length of time (in minutes) during which, after the initial session ends, you can begin another session without being prompted to log in again.
Default Authentication Server: Select the authentication server that you want to perform XAuth authentication. The default is Local, but you can select another authentication server—RADIUS, SecurID or LDAP—that you previously configured.
Query Client Settings on Default Server: Select this feature if you configured XAuth to perform address assignment as well as authentication. In this case, the authentication server returns an IP address and other settings such as Domain Name Service and Windows Internet Name Service (DNS and WINS) IP addresses to the user upon successful authentication.
CHAP: (Challenge Handshake Authentication Protocol) Select this option if you want the security device to use CHAP only to send a challenge (encryption key) to the remote client. (The remote client then uses the key to encrypt the username and password.)
Note: If you do not select this option, the security device first attempts a negotiation using CHAP. If the negotiation fails, the security device then attempts a negotiation using Password Authentication Protocol (PAP).
Default Accounting Server: (For RADIUS only) Select the default external RADIUS accounting server from the drop-down list. By default, accounting is performed on the authentication server.
Default Accounting Off: (For RADIUS only) Select this option if you want to disable default RADIUS accounting and perform authentication only.
IP Pool Name: Select the IP pool from which you want the server to get the IP addresses to assign to users.
DNS Primary Server IP: Enter the IP address of the primary DNS server.
DNS Secondary Server IP: Enter the IP address of the secondary DNS server.
WINS Primary Server IP: Enter the IP address of the primary WINS server.
WINS Secondary Server IP: Enter the IP address of the secondary WINS server.
Click Apply to save the settings.