VPN authentication - IPSec tutorial guide



Authentication is the process of proving that a user or entity is allowed access, and so provides a form of access control. For example, when you log on to your Windows machine and specify a username and password at the logon screen, you are authenticating yourself: you are telling Windows that you are a valid, authenticated user, and proving it by providing a username and password.

Two authentication methods used between site-to-site VPN gateways are a pre-shared key and a digital signature. Pre-shared key authentication uses a key that both gateways know in advance, although this is not a scalable option in large networks. A digital certificate is the scalable option; it would have to be purchased from a CA (Certification Authority) such as Verisign, GoDaddy and others.

Another option for VPN authentication is Xauth (extended authentication), where additional user authentication is required, usually against an LDAP or RADIUS server. This is typically used when setting up a remote-access (mobile user) VPN, and it is executed at the end of the phase 1 negotiation.
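As an added example that is not part of this guide (and not taken from any vendor's documentation), the two options above written as a strongSwan swanctl.conf fragment: a site-to-site peer authenticated with a pre-shared key, and an IKEv1 remote-access profile in which the gateway and its clients present certificates issued by one CA and XAuth then asks for a per-user credential at the end of phase 1. Addresses, identities, file names and secrets are placeholders, and cipher proposals are left at the daemon defaults.

```text
connections {
    site-b {
        version = 1
        local_addrs  = 203.0.113.10
        remote_addrs = 198.51.100.20
        local {
            auth = psk                  # both gateways prove knowledge of the same key
            id = gw-a.example.com
        }
        remote {
            auth = psk
            id = gw-b.example.com
        }
        children {
            lan-to-lan {
                local_ts  = 10.1.0.0/24
                remote_ts = 10.2.0.0/24
            }
        }
    }
    roadwarrior {
        version = 1                     # XAuth is an IKEv1 extension
        local_addrs = 203.0.113.10
        local {
            auth = pubkey               # gateway signs with its own certificate
            certs = gw-a.pem
        }
        remote {
            auth = pubkey               # accept any client certificate issued by this CA
            cacerts = ca.pem
        }
        remote-xauth {
            auth = xauth                # second round: per-user credential after phase 1
        }
        children {
            rw {
                local_ts = 10.1.0.0/24
            }
        }
    }
}
secrets {
    ike-site-b {                        # one secret per site pair; a large mesh needs many
        id-a = gw-a.example.com
        id-b = gw-b.example.com
        secret = "<site-b-psk, placeholder>"
    }
    xauth-alice {                       # local XAuth user; LDAP or RADIUS can replace this
        id = alice
        secret = "<user-password, placeholder>"
    }
}
```

The PSK section has to be repeated for every peer a gateway talks to, whereas the certificate profile needs only the gateway's own certificate and the CA certificate however many peers are added.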

From a general standpoint, authentication is actually part of a three-step process: identification, authentication and authorisation. In the Windows example, identification is your username: you are identifying yourself. Windows then says, in effect, "you have identified yourself as Jo; now prove it with a password". This step is the authentication, which proves to Windows that you are in fact Jo and a valid user. Once you are authenticated, Windows gives you access only to the services you are allowed to use. This is called authorisation. For example, you may be a limited user, and so you would not be able to make administrative changes, change the system controls, or uninstall and reinstall programs. But as a limited user you will be allowed, or authorised, to run programs, save your files and folders and browse the internet. Or, if you are authenticating to a domain controller, you may be authorised to access certain file servers depending on who you are and which groups you belong to within Active Directory.

Further Reading

Wikipedia's guide to Authentication