
ZyXEL Communications ZyWall USG20-VPN - Auth. Method Overview; Before You Begin; Example: Selecting a VPN Authentication Method

ZyXEL Communications ZyWall USG20-VPN
683 pages
Chapter 29 Object
USG20(W)-VPN Series User’s Guide
511
29.9 Auth. Method Overview
Authentication method objects set how the USG authenticates wireless clients, HTTP/HTTPS clients,
and peer IPSec routers (extended authentication). Configure authentication method objects to
have the USG use the local user database, and/or the authentication servers and authentication
server groups specified by AAA server objects. By default, user accounts created and stored on the
USG are authenticated locally.
• Use the Configuration > Object > Auth. Method screens (Section 29.9.3 on page 512) to
create and manage authentication method objects.
29.9.1 Before You Begin
Configure AAA server objects before you configure authentication method objects.
29.9.2 Example: Selecting a VPN Authentication Method
After you set up an authentication method object in the Auth. Method screens, you can use it in
the VPN Gateway screen to authenticate VPN users for establishing a VPN connection. Refer to the
chapter on VPN for more information.
Follow the steps below to specify the authentication method for a VPN connection.
Table 215 Configuration > Object > AAA Server > RADIUS > Add (continued)

LABEL | DESCRIPTION
Timeout | Specify the timeout period (between 1 and 300 seconds) before the USG disconnects from the RADIUS server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the RADIUS server or the RADIUS server is down.
NAS IP Address | Type the IP address of the NAS (Network Access Server).
Case-sensitive User Names | Select this if you want to configure your username as case-sensitive.
Key | Enter a password (up to 15 alphanumeric characters) as the key to be shared between the external authentication server and the USG. The key is not sent over the network. This key must be the same on the external authentication server and the USG.
Group Membership Attribute | A RADIUS server defines attributes for its accounts. Select the name and number of the attribute that the USG is to check to determine to which group a user belongs. If it does not display, select user-defined and specify the attribute’s number. This attribute’s value is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”.
OK | Click OK to save the changes.
Cancel | Click Cancel to discard the changes.
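
How the Key and Group Membership Attribute fields described in this table fit together on the wire, as an added example (not from the ZyXEL guide and not USG code): per RFC 2865 the shared key is only mixed into an MD5 Response Authenticator, and the group identifier is read from an attribute of the reply once that check passes. The use of attribute 25 (Class), the ext-group-user object names and the sample key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

GROUP_ATTR = 25  # assumption: Class (RFC 2865 type 25) holds the group identifier
# Constructed mapping: group identifier -> hypothetical ext-group-user object name
EXT_GROUP_USERS = {"sales": "grp-sales", "RD": "grp-rd", "management": "grp-mgmt"}
SAMPLE_KEY = b"Constructed15ch"       # constructed 15-character shared key
SAMPLE_REQ_AUTH = bytes(range(16))    # constructed Request Authenticator

def build_accept(ident, request_auth, attrs, key):
    """Server side: build an Access-Accept (code 2) from (type, value) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", 2, ident, 20 + len(body))
    # The key never appears in the packet, only inside this MD5 digest.
    resp_auth = hashlib.md5(header + request_auth + body + key).digest()
    return header + resp_auth + body

def verify_response(packet, request_auth, key):
    """Client side: recompute the Response Authenticator with the shared key."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + key).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_attributes(packet):
    """Walk the type-length-value attributes, rejecting malformed lengths."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos, attrs = 20, []
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs

def groups_for(packet, request_auth, key):
    """Map group identifiers to ext-group-user names, only for authentic replies."""
    if not verify_response(packet, request_auth, key):
        return None
    ids = [v.decode("utf-8", "replace") for t, v in parse_attributes(packet) if t == GROUP_ATTR]
    return [EXT_GROUP_USERS[g] for g in ids if g in EXT_GROUP_USERS]

if __name__ == "__main__":
    pkt = build_accept(7, SAMPLE_REQ_AUTH, [(GROUP_ATTR, b"sales")], SAMPLE_KEY)
    print(groups_for(pkt, SAMPLE_REQ_AUTH, SAMPLE_KEY))
```

A reply whose group attribute is altered in transit, or that was built with a different key, fails the authenticator check and yields no group at all.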