Virtual Private Networking Using IPSec Connections
176
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
4. Click Apply to save your settings.
User Database Configuration
When XAUTH is enabled in an Edge Device configuration, users are authenticated either
through a local user database account or by an external RADIUS server. Whether or not you
use a RADIUS server, you might want some users to be authenticated locally. These users
need to be added to the List of Users table on the Users screen, as described in Configure
User Accounts on page 229.
RADIUS Client Configuration
Remote Authentication Dial In User Service (RADIUS, RFC 2865) is a protocol for managing
authentication, authorization, and accounting (AAA) of multiple users in a network. A
RADIUS server stores a database of user information, and can validate a user at the request
of a gateway or server in the network when a user requests access to network resources.
During the establishment of a VPN connection, the VPN gateway can interrupt the process
with an XAUTH request. At that point, the remote user needs to provide authentication
information such as a user name and password or some encrypted response using his or her
user name and password information. The gateway then attempts to verify this information
first against a local user database (if RADIUS-PAP is enabled) and then by relaying the
information to a central authentication server such as a RADIUS server.
To configure primary and backup RADIUS servers:
1. Select VPN > IPSec VPN > RADIUS Client. The RADIUS Client screen displays:
Authentication
Type
For an Edge Device configuration: From the drop-down list, select one of the
following authentication types:
• User Database. XAUTH occurs through the VPN firewall’s user database. You
can add users on the Add User screen (see User Database Configuration on
page 176).
• Radius PAP. XAUTH occurs through RADIUS Password Authentication Protocol
(PAP). The local user database is first checked. If the user account is not present
in the local user database, the VPN firewall connects to a RADIUS server. For
more information, see RADIUS Client Configuration on page 176.
• Radius CHAP. XAUTH occurs through RADIUS Challenge Handshake
Authentication Protocol (CHAP). For more information, see RADIUS Client
Configuration on page 176.
Username The user name for XAUTH.
Password The password for XAUTH.
Table 41. Extended Authentication section settings (continued)
Setting Description
To Next Page
Loading...
