VPN authentication - IPSec tutorial guide
Authentication is the process of proving that a user or entity is who it claims to be, and so forms one part of access control. For example, when you log on to your Windows machine and enter a username and password at the logon screen, you are authenticating yourself: you are telling Windows that you are a valid user, and you prove it by supplying the username and its matching password.
Two authentication methods are commonly used between site-to-site VPN gateways: a pre-shared key and a digital signature. With a pre-shared key, both gateways authenticate using the same secret key; because every pair of gateways must share a key, this does not scale well in large networks. A digital certificate is the scalable option; the certificate is obtained from a CA (Certification Authority) such as Verisign, GoDaddy and others.
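As an added illustration of what "authenticating using a key" means in IKEv2, the following Python is not part of this guide; it implements the pre-shared-key AUTH payload computation from RFC 7296 section 2.15, AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), SignedOctets). The PRF choice (HMAC-SHA256), the signed octets and the secret are assumed or constructed for the example; in a real exchange the signed octets are built from the first IKE message, the peer's nonce and the identity payload.

```python
import hmac
import hashlib

# Fixed string from RFC 7296 section 2.15; it separates the PSK-derived
# authentication key from any other use of the shared secret.
KEY_PAD = b"Key Pad for IKEv2"


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated pseudo-random function; PRF_HMAC_SHA2_256 is assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH payload a peer sends when authenticating with a pre-shared key."""
    return prf(prf(shared_secret, KEY_PAD), signed_octets)


def verify_psk_auth(shared_secret: bytes, signed_octets: bytes,
                    received_auth: bytes) -> bool:
    """Responder-side check: recompute AUTH with the locally configured
    secret and compare in constant time."""
    expected = psk_auth(shared_secret, signed_octets)
    return hmac.compare_digest(expected, received_auth)


# Constructed sample values (not from a real capture). In practice the
# signed octets are RealMessage1 | NonceRData | prf(SK_pi, IDi') and the
# shared secret is the long random PSK configured on both gateways.
SAMPLE_SECRET = b"example-site-to-site-psk-not-for-production"
SAMPLE_SIGNED_OCTETS = b"\x01\x02\x03\x04constructed-ike-sa-init-and-nonce"


def demo() -> tuple[bool, bool]:
    """Return (accepted with the right PSK, accepted with a wrong PSK)."""
    auth = psk_auth(SAMPLE_SECRET, SAMPLE_SIGNED_OCTETS)
    good = verify_psk_auth(SAMPLE_SECRET, SAMPLE_SIGNED_OCTETS, auth)
    bad = verify_psk_auth(b"some-other-secret", SAMPLE_SIGNED_OCTETS, auth)
    return good, bad


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Both ends must hold the identical secret for the recomputation to match, which is exactly why a pre-shared key becomes hard to manage once many gateways need to authenticate to each other: each peer pair needs its own secret, and rotating one means touching both devices.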
Another option for VPN authentication is Xauth (extended authentication), where an additional user authentication step is required, usually against an LDAP or RADIUS server. Xauth is mostly used for remote or mobile user VPNs rather than site-to-site links, and it runs at the end of the phase 1 negotiation.
More generally, authentication is one step in a three-stage process: identification, authentication and authorisation. In the Windows example, identification is your username; you are identifying yourself. Windows then says, in effect, "you have identified yourself as Jo; now prove it with a password". That step is authentication: it proves to Windows that you really are Jo and a valid user. Once you are authenticated, Windows grants you access only to the services you are allowed to use. This is authorisation. For example, as a limited user you would not be able to make administrative changes, alter system settings, or uninstall and reinstall programs, but you would be allowed (authorised) to run programs, save your files and folders, and browse the internet. Likewise, if you authenticate to a domain controller, you may be authorised to access certain file servers depending on who you are and which Active Directory groups you belong to.
Wikipedia's guide to Authentication