7-1
v1.0, April 2010
Chapter 7
Managing Users, Authentication, and Certificates
This chapter describes how to manage users, authentication, and security certificates for IPsec
VPN and SSL VPN. This chapter contains the following sections:
• “Configuring VPN Authentication Domains, Groups, and Users” on this page
• “Managing Digital Certificates” on page 7-17
Configuring VPN Authentication Domains, Groups, and
Users
Users are assigned to a group, and a group is assigned to a domain. Therefore, you should first
create any domains, then groups, then user accounts.
You must create name and password accounts for all users who must be able connect to the VPN
firewall. This includes administrators and SSL VPN clients. Accounts for IPsec VPN clients are
required only if you have enabled Extended Authentication (XAUTH) in your IPsec VPN
configuration.
Users connecting to the VPN firewall must be authenticated before being allowed to access the
VPN firewall or the VPN-protected network. The login window that is presented to the user
requires three items: a user name, a password, and a domain selection. The domain determines the
authentication method that is used and, for SSL connections, the portal layout that is presented.
Except in the case of IPsec VPN users, when you create a user account, you must specify a group.
When you create a group, you must specify a domain.
Note: IPsec VPN users always belong to the default domain (geardomain) and are not
assigned to groups.
To Next Page
Loading...
