|
IT Interview Questions:What types of authentication can IPSec use?
Information Technology (IT) Interview Questions and Answers
(Continued from previous question...)
IT Interview Questions:What types of authentication can IPSec use?
Extended Authentication (XAUTH).
Extended Authentication (XAUTH) and Mode Configuration (MODE-CFG)
Authentication schemes such as Remote Authentication Dial-In User Service (RADIUS) and SecureID are commonly used for providing secure remote access. It is highly desirable to leverage these authentication mechanisms for IPSec remote access. But Internet Key Exchange (IKE) protocol, which you learned about in Chapter 2, "IPSec Overview," does not provide a method to leverage these unidirectional authentication schemes. Extended Authentication, commonly referred to as XAUTH, was developed to leverage these legacy authentication schemes with IKE. XAUTH provides an additional level of authentication by allowing the IPSec gateway to request extended authentication from remote users, thus forcing remote users to respond with their credentials before being allowed access to the VPN. It should be noted that XAUTH functions by first forming an IKE phase 1 SA using conventional IKE, and then by extending the IKE exchange to include additional user authentication exchanges.
(Continued on next question...)
Other Interview Questions
| 