8. Manage Users, Authentication, and

8

VPN Certificates

This chapter describes how to manage users, authentication, and security certificates for IPSec VPN and SSL VPN. The chapter contains the following sections:

The Wireless VPN Firewall’s Authentication Process and Options

Configure Authentication Domains, Groups, and Users

Manage Digital Certificates for VPN Connections

The Wireless VPN Firewall’s Authentication Process and Options

Users are assigned to a group, and a group is assigned to a domain. Therefore, you should first create any domains, then groups, then user accounts.

Note: Do not confuse the authentication groups with the LAN groups that

are discussed in Manage IPv4 Groups and Hosts (IPv4 LAN

Groups) on page 67.

You need to create name and password accounts for all users who need to be able to connect to the wireless VPN firewall. This includes administrators, guests, and SSL VPN clients. Accounts for IPSec VPN clients are required only if you have enabled extended authentication (XAUTH) in your IPSec VPN configuration.

Users connecting to the wireless VPN firewall need to be authenticated before being allowed to access the wireless VPN firewall or the VPN-protected network. The login screen that is presented to the user requires three items: a user name, a password, and a domain selection. The domain determines the authentication method that is used and, for SSL connections, the portal layout that is presented.

Note: IPSec VPN and L2TP users do not belong to a domain and are not assigned to a group.

294

Page 294
Image 294
NETGEAR FVS318N manual Wireless VPN Firewall’s Authentication Process and Options, 294