VPN authentication | Configuring authenticated access |
4. Enter Starting IP and Ending IP addresses. This defines the range of addresses assigned to VPN clients.
5. Select the user group that is to have access to this VPN. The FortiGate unit authenticates members of this user group.
6. Select Apply.
To configure authentication for a PPTP VPN - CLI
config vpn pptp
  set sip <starting_ip>
  set eip <ending_ip>
  set status enable
  set usrgrp <user_group_name>
end
You also need to define a firewall policy that permits packets to pass from VPN clients with addresses in the specified range to IP addresses that the VPN clients need to access on the private network behind the FortiGate unit. The Action for this firewall policy is ACCEPT, not ENCRYPT, because the allowed user group is defined in the PPTP VPN configuration, not in the firewall policy.
For detailed information about configuring PPTP, see the FortiGate PPTP VPN User Guide.
Configuring authentication of L2TP VPN users/user groups
Authentication for a FortiGate L2TP configuration must be configured using the config vpn l2tp CLI command.
To configure authentication for an L2TP VPN - CLI
config vpn l2tp
  set sip <starting_ip>
  set eip <ending_ip>
  set status enable
  set usrgrp <user_group_name>
end
For more information, see the FortiGate CLI Reference.
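A check for the PPTP and L2TP CLI blocks above, as an added example (not Fortinet code and not part of the original guide): it reads a configuration backup and flags an enabled block that has no usrgrp or whose sip is above its eip. The sample configuration, addresses, group name and function names are constructed for illustration, and the backup is assumed to use the same config/set/end layout shown above.

```python
import ipaddress
import re

# Constructed sample of a configuration backup (not taken from a real unit).
SAMPLE_CONFIG = """\
config vpn pptp
    set status enable
    set sip 192.168.10.50
    set eip 192.168.10.20
end
config vpn l2tp
    set status enable
    set sip 192.168.20.10
    set eip 192.168.20.40
    set usrgrp "L2TP_users"
end
"""

BLOCK_RE = re.compile(r"^config vpn (pptp|l2tp)\s*\n(.*?)^end\s*$", re.M | re.S)
SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$", re.M)

def parse_vpn_blocks(text):
    """Map 'pptp'/'l2tp' to the keyword/value pairs set inside that block."""
    return {proto: {k: v.strip('"') for k, v in SET_RE.findall(body)}
            for proto, body in BLOCK_RE.findall(text)}

def audit_vpn_block(proto, settings):
    """Return a list of problems for one block; an empty list means it passes."""
    if settings.get("status") != "enable":
        return []  # a disabled VPN accepts no clients, nothing to check
    problems = []
    if not settings.get("usrgrp"):
        problems.append(f"{proto}: enabled without usrgrp")
    try:
        sip = ipaddress.IPv4Address(settings["sip"])
        eip = ipaddress.IPv4Address(settings["eip"])
    except (KeyError, ValueError):
        problems.append(f"{proto}: sip/eip missing or not an IPv4 address")
    else:
        if sip > eip:
            problems.append(f"{proto}: sip {sip} is above eip {eip}")
    return problems

def audit_config(text):
    """Audit every PPTP/L2TP block found in a configuration backup."""
    return [p for proto, s in parse_vpn_blocks(text).items() for p in audit_vpn_block(proto, s)]

if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print(line)
```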
Configuring authentication of remote IPSec VPN users
An IPSec VPN on a FortiGate unit can authenticate remote users through a dialup group. The user account name is the peer ID and the password is the
Authentication through user groups is supported for groups containing only local users. To authenticate users using a RADIUS or LDAP server, you must configure XAUTH settings. See “Configuring XAuth authentication” on page 58.
To configure user group authentication for dialup IPSec -
1. Configure the dialup users who are permitted to use this VPN. Create a user group with Type: Firewall and add them to it.
For more information, see “Users/peers and user groups” on page 33.
| FortiOS v3.0 MR7 User Authentication User Guide |
56 |