Defining User Reauthentication Protocol Values

The extended-authentication command specifies the extended user authentication protocol for use during the extended user authentication protocol exchange.

The re-authenticate keyword enables the reauthentication option (a subsequent authentication procedure). When this option is enabled, rekeying of IKE SAs uses the initial authentication protocol to reauthenticate the user. When this option is disabled, authentication is only performed at the first IKE SA establishment. Subsequent IKE SAs rekey operations inherit the initial authentication and do not reauthenticate users.

Note: For maximum security, enable reauthentication.

The skip-peer-config keyword disables the router from configuring peer IP characteristics.

extended-authentication

• Use to specify the extended user authentication protocol for use during the extended user authentication protocol exchange. This command can also enable or disable the reauthentication option (a subsequent authentication procedure).
• The re-authenticate keyword enables the reauthentication option (a subsequent authentication procedure).
• The skip-peer-config keyword disables the router from configuring peer IP characteristics.
• Example

  host1(config-ipsec-tunnel-profile)#extended-authentication chap

• Use the no version to reset the extended authentication to the default protocol, pap.
• See extended-authentication.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.