Auth. Method Overview; Before You Begin; Example: Selecting A Vpn Authentication Method - ZyXEL Communications ZyWall 110 User Manual
Hide thumbs
Also See for ZyWall 110:
- User manual (829 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
Table 342 Configuration > Object > AAA Server > RADIUS > Add (continued)
LABEL
Key
Group
Membership
Attribute
OK
Cancel
43.11 Auth. Method Overview
Authentication method objects set how the Zyxel Device authenticates wireless, HTTP/HTTPS clients, and
peer IPSec routers (extended authentication) clients. Configure authentication method objects to have
the Zyxel Device use the local user database, and/or the authentication servers and authentication
server groups specified by AAA server objects. By default, user accounts created and stored on the
Zyxel Device are authenticated locally.
• Use the Configuration > Object > Auth. Method screens
manage authentication method objects.
• Use the Configuration > Object > Auth. Method > Two-Factor Authentication screen
on page
872) to configure double-layer security to access a secured network behind the Zyxel
Device via a VPN tunnel, Web Configurator, SSH, or Telnet.
43.11.1 Before You Begin
Configure AAA server objects before you configure authentication method objects.
43.11.2 Example: Selecting a VPN Authentication Method
After you set up an authentication method object in the Auth. Method screens, you can use it in the VPN
Gateway screen to authenticate VPN users for establishing a VPN connection. Refer to the chapter on
VPN for more information.
Follow the steps below to specify the authentication method for a VPN connection.
Access the Configuration > VPN > IPSec VPN > VPN Gateway > Edit screen.
1
Click Show Advance Setting and select Enable Extended Authentication.
2
Chapter 43 Object
DESCRIPTION
Enter a password (up to 15 alphanumeric characters) as the key to be shared between the
external authentication server and the Zyxel Device.
The key is not sent over the network. This key must be the same on the external authentication
server and the Zyxel Device.
A RADIUS server defines attributes for its accounts. Select the name and number of the
attribute that the Zyxel Device is to check to determine to which group a user belongs. If it does
not display, select user-defined and specify the attribute's number.
This attribute's value is called a group identifier; it determines to which group a user belongs.
You can add ext-group-user user objects to identify groups based on these group identifier
values.
For example you could have an attribute named "memberOf" with values like "sales", "RD",
and "management". Then you could also create a ext-group-user user object for each group.
One with "sales" as the group identifier, another for "RD" and a third for "management".
Click OK to save the changes.
Click Cancel to discard the changes.
ZyWALL USG Series User's Guide
(Section 43.11.3 on page
869
870) to create and
(Section 43.11.4
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
