Client Authentication Window
Extended Authentication (XAuth) is a feature within the IKE protocol.
XAuth lets you deploy IPSec VPNs using TACACS+ or RADIUS as your
user authentication method. This feature, which is designed for VPN
clients, authenticates users by prompting them for a username and
password and verifying those credentials against the information stored
in your TACACS+ or RADIUS database. XAuth is negotiated between IKE
Phase 1 (the IKE device authentication phase) and IKE Phase 2 (the
IPSec SA negotiation phase). If XAuth fails, the IPSec security
association is not established, and the IKE security association is
deleted. The AAA server must be defined before XAuth will work on
the Cisco Security Appliance. You can define the AAA server by clicking
the New button. This opens the AAA Server Group window, where you can
define the location of the AAA server, the group name, and the protocol
used for AAA.
Step 5 Define the location of the AAA server, the group name, and the protocol
used for AAA, as shown in Figure 15-31.