WatchGuard Technologies SSL VPN manual

Models: SSL VPN

Using RADIUS Servers for Authentication and Authorization

Type is the vendor-assigned attribute number.

Attribute name is the type of attribute name that is defined in IAS. The default name is CTXSUserGroups=.

Separator is defined if multiple user groups are included in the RADIUS configuration. A separator can be a space, a period, a semicolon, or a colon.
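How the Type, attribute name, and separator settings fit together on the wire, as an added example that is not WatchGuard's code: it assumes the group list travels as a single sub-attribute inside an RFC 2865 Vendor-Specific attribute (type 26). The vendor code `99999`, Type `1`, and the helper names are constructed placeholders.

```python
import struct

VSA_TYPE = 26  # RADIUS Vendor-Specific attribute, RFC 2865 section 5.26
# Constructed placeholders: take the real vendor code and Type from your gateway settings.
VENDOR_ID, VENDOR_TYPE = 99999, 1
PREFIX = "CTXSUserGroups="  # default attribute name given on this page


def build_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VSA_TYPE, len(sub) + 6, vendor_id) + sub


def extract_groups(attrs, separator, vendor_id=VENDOR_ID, vendor_type=VENDOR_TYPE, prefix=PREFIX):
    """Return the group names in the first matching VSA, or [] if none matches.

    Raises ValueError when an attribute length runs past the buffer.
    """
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE or len(body) < 6:
            continue
        vid, v_type, v_len = struct.unpack("!IBB", body[:6])
        if vid != vendor_id or v_type != vendor_type:
            continue
        if v_len < 2 or v_len > len(body) - 4:
            raise ValueError("bad vendor sub-attribute length")
        text = body[6:4 + v_len].decode("ascii", errors="replace")
        if not text.startswith(prefix):
            continue  # right vendor and type, but not the group attribute
        # Skip empty items so a doubled or trailing separator adds no blank group.
        return [g.strip() for g in text[len(prefix):].split(separator) if g.strip()]
    return []


if __name__ == "__main__":
    # Constructed reply attributes: User-Name (type 1) followed by the group VSA.
    reply = bytes([1, 7]) + b"alice" + build_vsa(VENDOR_ID, VENDOR_TYPE, PREFIX + "sales;engineering;")
    print(extract_groups(reply, ";"))   # separator matches the IAS value
    print(extract_groups(reply, ":"))   # mismatch: the whole string comes back as one name
```

When authorization fails for every user, comparing the separator and attribute name configured on both sides is a quick first check, since in this parser a mismatch in either yields no usable group names.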

To configure IAS so the Firebox SSL VPN Gateway can use RADIUS authorization, follow the steps below. These steps assume that IAS is installed from the Add/Remove Programs Control Panel. For more information about installing IAS, see Windows Help.

To configure Microsoft Internet Authentication Service for Windows 2000 Server

1 Open the Microsoft Management Console (MMC) by clicking Start > Run.

2 In Open, type MMC.

3 In the MMC console, on the File menu, click Add/Remove Snap-in.

4 Click Add and in the Add/Remove Snap-in dialog box, select Internet Authentication Service and click Add.

5 Select Local computer and click Finish.

6 Click Close and then click OK.

7 Right-click Remote Access Policies and then click New Remote Access Policy.

8 Select Set up a custom policy.

9 In Policy name, give the policy a name and click Next.

10 Under Policy Conditions, click Add, select Windows-Groups, and click Add.

11 In Select Groups, click Add, and then type the name of the group.

12 A summary of conditions to match the policy is shown. To add more conditions, click Add; otherwise, click Next.

13 In the Edit Dial-In Profile dialog box, on the Authentication tab, select Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP, SPAP).

Note

Password Authentication Protocol (PAP) is an authentication protocol that allows Point-to-Point Protocol (PPP) peers to authenticate one another. PAP passes the password and host name or user name unencrypted. PAP does not prevent unauthorized access but identifies the remote end.

14 Clear Microsoft Encrypted Authentication version 2 (MS-CHAP v2) and Microsoft Encrypted Authentication (MS-CHAP).

15 Click OK.

The Firebox SSL VPN Gateway needs the Vendor-Specific Attribute to match the users defined in the group on the server with those on the Firebox SSL VPN Gateway. This is done by sending the Vendor-Specific Attributes to the Firebox SSL VPN Gateway.

16 In the Edit Dial-in Profile dialog box, click the Advanced tab.

17 Click Add.
