1 select options > authentication options, 2 click user group security authentication – Panasonic NN46110-600 User Manual

Chapter 2 Configuring servers 43

• MS-CHAP is available for PPTP tunnel users only (it is not applicable to

IPsec tunneling applications).

If you are using token cards for authentication, you must select the appropriate

technologies (SecurlD). For example, the SecurlD passcode is the pin plus the
token code.

Note:

The UID and password are never passed in the clear for an IPsec

client, either from the remote client or from the VPN Router
communicating with the RADIUS server. If you use PAP authentication
for a PPTP session, both the user name and the password are passed in

the clear to the VPN Router over the Internet.

There is no significant security benefit between using CHAP or PAP. A minor
consideration to take into account is that PAP authentication consumes fewer

instructions during the authentication process because the connection between the

VPN Router and the RADIUS server is protected by encryption.

When you use RADIUS-based authentication, the IPsec client and the VPN

Router require a second set of credentials for mutual authentication. These

credentials are referred to as the group ID and group password.

The remote access client information is documented in the VPN Client online
Help. On the IPsec client side, the remote user must:

1

Select

Options > Authentication Options

.

2

Click

User Group Security Authentication

.

3

Enter the group ID and group password.

4

Select one of the following options:

•

Challenge Response Token

•

Response Only Token

•

Group Password Authentication

To complete the RADIUS setup, you must configure at least one group profile for

RADIUS users. In this profile, you must enter the group ID, password, and the

allowed group authentication options. You can configure the group profile from

the Profiles > Groups > Configure IPsec window.

Nortel VPN Router Security — Servers, Authentication, and Certificates