IPsec XAuth from Windows to Vigor Router

IPsec tunnel with Xauth requires not only pre-shared key but also username and password for authentication when VPN client creates the tunnel, it can enhance the security of IPsec tunnel. This article demonstrates how to create an IPsec tunnel with Xauth between Vigor Router and Windows.

Vigor Router Setup

1. Go to VPN and Remote Access >> IPsec General Setup:

a. Enter Pre-Shared Key for Xauth User.

b. Click OK to save.

2. Go to VPN and Remote Access >>Remote Dial-in User.

a. Enable User account and Authentication.

b. Allow IPsec Xauth dial-in type.

c. Enter Username and password.

d. Click OK to save.

Windows Client Setup

1. Download VPN client software for windows which supports IPsec Xauth. Here we use Shrew Soft VPN Client as example.

2. Open VPN Access Manager.

a. Click Add.

b. In general setup, enter VPN Hostname or Server IP.

c. In Authentication setup, select “Mutual PSK+XAuth”.

d. Set identification to “IP Address” and “any” for local identity and remote identity, respectively.

e. Enter Pre-Shared Key for XAuth User.

 f. In Phase1 setup, set Cipher Algorithm to “aes”.

g. In Phase2 setup, set Transform Algorithm to “esp-aes”.

h. Click Save.

 i. Click the saved VPN Client and enter the username and password of the dial-in user to create the IPsec VPN tunnel.

Finally, VPN Connect will show the message as follows.

And Vigor Router shows VPN status on VPN and Remote Access >> Connection Management page.