XAuth Users Authentication Overview

The XAuth protocol enables the device to authenticate XAuth users and/or assign IP pools and remote settings.

An XAuth user (or user group) is a RAS user who authenticates when connecting to the security device using an AutoKey IKE VPN tunnel. Although both IKE and XAuth users can authenticate through an AutoKey IKE VPN tunnel, the authentication of IKE users is actually the authentication of VPN gateways or clients, while the authentication of XAuth users is the authentication of the individuals themselves. XAuth users must enter information that only they are supposed to know—their username and password.

You can also assign an XAuth user IP, WINS, and DNS addresses from the device. When you assign the XAuth user or user group a remote setting and IP pool at the device level, the settings override the remote settings and IP pool assigned to the VPN.

For more information about configuring authentication users on security devices, refer to the Concepts & Examples ScreenOS Reference Guide: Fundamentals.

Related Documentation