IPsec VPN XAuth
Extended Authentication (XAuth) increases security by requiring additional user authentication information in a separate exchange at the end of the VPN Phase 1 negotiation. If the SecurID user group is used, this extended information will require users to enter their SecurID code. For more on XAuth, see
“Configuring XAuth authentication”.
This Phase 1 configuration will be named securIDxAuth and it will connect with IP address 10.11.101.155 on the wan1 interface.
To configure IPsec VPN XAuth with SecurID authentication - web-based manager
1. Go to VPN > IPsec > Auto Key (IKE).
2. Select Create Phase 1 and enter
Name | securIDxAuth |
Remote Gateway | Dialup User |
Local Interface | wan1 |
Mode | Main (ID protection) |
Authentication Method | Preshared Key |
Pre-shared Key | fortinet |
Peer Options | Accept any peer ID. |
3. Select Advanced... and enter
XAUTH | Enable as Server |
Server Type | AUTO |
User Group | securIDgrp |
4. Select OK.