Configuring authenticated access

VPN authentication

Name

Name for group of dialup users using the VPN for authentication

 

through RADIUS or LDAP servers.

Remote Gateway

Authentication

Method

List of the types of remote gateways for VPN. Select Dialup User.

List of authentication methods available for users. Select Preshared Key.

3Select Advanced to reveal additional parameters and enter the following information.

XAuth

Select Enable as Server.

Server Type

Select PAP, CHAP, or AUTO. Use CHAP whenever possible. Use

 

PAP with all implementations of LDAP and with other

 

authentication servers that do not support CHAP, including some

 

implementations of Microsoft RADIUS. Use AUTO with the

 

Fortinet Remote VPN Client and where the authentication server

 

supports CHAP but the XAuth client does not.

User Group

List of available user groups. Select the user group that is to have

 

access to the VPN. The list of user groups does not include any

 

group that has members whose password is stored on the

 

FortiGate unit.

4Configure other VPN gateway parameters as needed.

5Select OK.

For more information about XAUTH configuration, see the

FortiGate IPSec VPN User Guide.

To configure authentication for a dialup IPSec VPN - CLI

config vpn ipsec phase1 edit <gateway_name>

set peertype dialup set xauthtype pap

set authusrgrp <user_group_name> end

Parameters specific to setting up the VPN itself are not shown here. For detailed information about configuring an IPSec VPN, see the

FortiGate IPSec VPN User Guide.

FortiOS v3.0 MR7 User Authentication User Guide

 

01-30007-0347-20080828

59

Page 59
Image 59
Fortinet v3.0 MR7 To configure authentication for a dialup IPSec VPN CLI, Remote Gateway Authentication Method, XAuth