Configuring shared servers for RUVPN
•The IP addresses of the DNS and WINS servers in the trusted network that perform IP address lookup on host alias names.
•The usernames and passwords of those authorized to connect to the Firebox using RUVPN.
•For Mobile User VPN, you will also need:
-Mobile User VPN license key
-Target Firebox upgraded to strong or medium encryption
Configuring shared servers for RUVPN
RUVPN clients rely on shared Windows Internet Name Server (WINS) and Domain Name System (DNS) server addresses. For information on configuring these servers, see “Entering WINS and DNS server addresses” on page 40.
Adding remote access users
The Firebox configuration file automatically includes two Firebox User groups called pptp_users and ipsec_users. When a remote host connects and creates a tunnel, Policy Manager authenticates the username against the list of members for the group associated with the tunnel type. In other words, an incoming PPTP tunnel would authenticate against the pptp_users group.
Once authenticated, the Policy Manager then adds the remote client IP address to the group. Use the Firebox User group to configure services for incoming and outgoing RUVPN traffic.
Because of the way Windows holds the username and password for subsequent logins, one option to reduce
RUVPN users must be added as Firebox users even if another authentication method is used internally.
Adding a member to built-in RUVPN user groups
The process to add a member to the
1Select Setup => Authentication.
2Click the Firebox Users tab. To add a new user, click the Add button beneath the
Users list.
There is also a button to access the Setup Firebox User dialog box from within the Mobile User VPN wizard.
134