extended-authentication

Syntax

extended-authentication { none | pap | chap } [ re-authenticate ]
[ skip-peer-config ]

no extended-authentication

Release Information

Command introduced in JunosE Release 7.3.0.

Description

Specifies the extended user authentication protocol for use during the extended user authentication protocol exchange. The no version restores the default protocol, pap.

Options

• none—Specifies that no extended authentication is performed
• pap—Specifies the use of PAP protocol for extended authentication
• chap—Specifies the use of CHAP protocol for extended authentication
• re-authenticate—Enables reauthentication when IKE SA rekeying occurs. When this option is enabled, rekeying of IKE SAs uses the initial authentication protocol to reauthenticate the user. When this option is disabled, authentication is only performed at the first IKE SA establishment. Subsequent IKE SAs rekey operations inherit the initial authentication and do not reauthenticate users. For maximum security, enable reauthentication.
• skip-peer-config—Disables configuration of peer IP characteristics

Mode

IPSec Tunnel Profile Configuration