NETGEAR FVX538NA Network Card User Manual


 
ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networking 5-31
v1.0, August 2006
CA Identify – The official name of the CA which issued this CRL.
Last Update – The date when this CRL was released.
Next Update – The date when the next CRL will be released.
To upload a Certificate Identify to the CRL:
1. From the main menu under VPN, select Certificates. The Certificates screen will display
showing the CRL (Certificate Revocation List) table at the bottom of the screen.
2. Click Browse, and then locate the file you previously downloaded from a CA.
3. Select the Certificate Identify file. The name will appear in the “File to upload” field. Click
Upload.
Click Back to return to the CRL list. The new Certificate Identify will appear in the CRL Table. If
you have a previous CA Identity from the same CA, it should now be deleted.
Extended Authentication (XAUTH) Configuration
When connecting many VPN clients to a VPN gateway router, an administrator may want a unique
user authentication method beyond relying on a single common preshared key for all clients.
Although the administrator could configure a unique VPN policy for each user, it is more
convenient for the VPN gateway router to authenticate users from a stored list of user accounts.
XAUTH provides the mechanism for requesting individual authentication information from the
user, and a local User Database or an external authentication server, such as a RADIUS server,
provides a method for storing the authentication information centrally in the local network.
XAUTH is enabled when adding or editing an IKE Policy. Two types of XAUTH are available:
Edge Device. If this is selected, the router is used as a VPN concentrator where one or more
gateway tunnels terminate. If this option is chosen, you must specify the authentication type to
be used in verifying credentials of the remote VPN gateways: User Database, RADIUS-PAP,
or RADIUS-CHAP.
Figure 5-25