38

AAA Server

This chapter introduces and shows you how to configure the ZyWALL to use external authentication servers.

38.1 AAA Server Overview

You can use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network.

The following lists the types of authentication server the ZyWALL supports.

Local user database

The ZyWALL uses the built-in local user database to authenticate administrative users logging into the ZyWALL’s web configurator or network access users logging into the network through the ZyWALL. You can also use the local user database to authenticate VPN users.

Directory Service (LDAP/AD)

LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory service that is both a directory and a protocol for controlling access to a network. The directory consists of a database specialized for fast information retrieval and filtering activities. You create and store user profile and login information on the external server.

RADIUS

RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to authenticate users by means of an external or built-in RADIUS server. RADIUS authentication allows you to validate a large number of users from a central location.

38.1.1ASAS

ASAS (Authenex Strong Authentication System) is a RADIUS server that works with the One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in order to use this feature. The package contains server software and ZyWALL OTP tokens. Do the following to use OTP. See the documentation included on the ASAS’ CD for details.

1Install the ASAS server software on a computer.

2Create user accounts on the ZyWALL and in the ASAS server.

3Import each token’s database file (located on the included CD) into the server.

4Assign users to OTP tokens (on the ASAS server).

 

531

ZyWALL USG 1000 User’s Guide