ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

existing Internet Key Exchange (IKE) Protocol feature. Xauth allows authentication methods to perform user authentication in a separate phase after the IKE authentication phase 1 exchange. The Xauth feature is an extension to the IKE feature, and does not replace IKE authentication.

Before Xauth, IKE only supported authentication of the device, not authentication of the user using the device. With Xauth, IKE can now authenticate the user using the device after the device has been authenticated during normal IKE authentication.

Remote users may all use the same pre-shared key for device authentication, which becomes a problem once that key is compromised. An extra, per-user authentication step is therefore desirable.

To use Xauth for authentication, enable “Extended Authentication” while configuring the “VPN Gateway Policy”. Select “Server Mode” on the VPN concentrator. Two kinds of user identification (username/password) database can be used for authentication: Local_User and RADIUS. (Note that if both exist, Local_User is used first, then RADIUS.)

[Figure: network diagram with the labels LAN, ZyWALL, WAN, Internet, Mobile user and Telecommuter]
