interface. These clients will want HTTP access to hosts on a network server_net on the If2
interface.
Clients connections will be authenticated using the identity awareness feature. The only
usernames that will be allowed are user1@mydomain and user2@mydomain.
It is also assumed that the D-Link Authentication Agent software has already been installed on a
single external Windows domain server and is configured with the IPv4 address defined by the
address book object aa_server_ip and the pre-shared key defined by the aa_server_key PSK
object.
It is assumed that the domain has only one server.
Command-Line Interface
Define an Authentication Agent object that describes the external server:
gw-world:/> add AuthAgent IPAddress=aa_server_ip
PSK=aa_server_key
Name=my_auth_agent
Assign the permitted usernames to the network object for client IPs:
gw-world:/> add Address IP4Address client_net
UserAuthGroups=user1@mydomain,user2@mydomain
Create an IP Policy which allows access and uses client_net as the source network.
gw-world:/main> add IPPolicy
SourceInterface=If1
SourceNetwork=client_net
DestinationInterface=If2
DestinationNetwork=server_net
Service=http-all
Name=client_to_server
Action=Allow
Web Interface
Define the Authentication Agent object that describes the external server:
1. Go to:
Policies > Authentication > Authentication Agents > Add > Authentication Agent
2. Now enter:
• Name: my_auth_agent
• IP Address: aa_server_ip
• Pre-shared key: aa_server_key
3. Click OK
Assign the permitted usernames to the network object for client IPs:
1. Go to: Objects > Address Book > client_net
2. Select the User Authentication tab
Chapter 8: User Authentication
643
To Next Page
Loading...
