Enable X-Auth Support for strongSwan endpoints by setting up an authentication
profile and configuring the IPSec tunnel and connection settings.
The following workflow shows how to enable
authentication for strongSwan clients using an authentication profile.
The authentication profile specifies which server profile to use
when authenticating strongSwan clients.
Set up the IPsec tunnel that the GlobalProtect
gateway will use for communicating with a strongSwan client.
Extended authentication (X-Auth) is not supported
for Prisma Access deployments.
Select an existing gateway or
the GlobalProtect Gateway Configuration dialog, select the
you want to use.
specify the following settings to set up the tunnel:
Select the check box to
Enable X-Auth Support
if they are not yet configured.
to save these tunnel settings.
Verify that the default connection settings in the
of the IPsec tunnel configuration file (
are correctly defined for the strongSwan client.
file is usually found
in this procedure are tested and verified for the following releases:
Ubuntu 14.0.4 with strongSwan 5.1.2 and CentOS 6.5 with strongSwan
5.1.3 for PAN-OS 6.1.
Ubuntu 14.0.4 with strongSwan 5.2.1 for PAN-OS 7.0.
configurations in this procedure can be used for reference if you
are using a different version of strongSwan. Refer to the strongSwan wiki for more information.
section of the
configure the following recommended settings: