3.
Click OK
D. Configure the authentication rule for the tunnel:
1.
Go to: Policies > User Authentication > Authentication Rules > Add > Authentication
Rule
2.
Now enter:
•
Name: my_ikev2_auth_rule
•
Authentication agent: EAP
•
Authentication source: RADIUS
•
Interface: any
•
Originator IP: all-nets
3.
Select Authentication Options
4.
Under RADIUS servers, add my_radius_server
5.
Click OK
9.4.6. Fetching CRLs from an alternate LDAP server
A Root Certificate usually includes the IP address or hostname of the Certificate Authority to
contact when certificates or CRLs need to be downloaded to the NetDefend Firewall. Lightweight
Directory Access Protocol (LDAP) is used for these downloads.
However, in some scenarios, this information is missing, or the administrator wishes to use
another LDAP server. The LDAP configuration section can then be used to manually specify
alternate LDAP servers.
Example 9.10. Setting up an LDAP server
This example shows how to manually setup and specify an LDAP server.
Command-Line Interface
gw-world:/> add LDAPServer
Web Interface
1.
Go to: Objects > VPN Objects > LDAP > Add > LDAP Server
2.
Now enter:
Host=192.168.101.146
Username=myusername
Password=mypassword
Port=389
719
Chapter 9: VPN