Secure Computing Sidewinder Version 5.1.0.02 Network Router User Manual


 
Identifying authentication requirements
2-6 Planning Your VPN Configuration
Extended authentication
In addition to the normal authentication checks performed during the
negotiation process at the start of every VPN association, Extended
Authentication goes one step further by requiring the person
requesting the VPN connection to validate their identity.
Depending on the authentication method you select, the person must
provide a unique user name and password, a special passcode, or
a one-time password before the VPN association is established. For
example, assume you configure a VPN association to use Extended
Authentication and that you select the standard password process as
the form of authentication. When a person attempts to establish a VPN
connection, Sidewinder performs the standard VPN negotiations
and, in addition, issues a request for the proper password. The
person initiating the VPN connection request must then enter the
proper password at their workstation before the connection is
made.
The Extended Authentication option is most useful if you have
travelling employees who connect remotely to your network using
laptop computers. If a laptop computer is stolen, without Extended
Authentication it might be possible for an outsider to illegally access
your network. This is because the information needed to establish the
VPN connection (the self-signed certificate, etc.) is saved within the
VPN client software. When Extended Authentication is used, however,
the user is required to enter an additional piece of authentication
information that is not saved on the computer: either a password,
passcode, or PIN. This additional level of authentication renders the
VPN capabilities of the laptop useless when in the hands of a thief.