Nortel NN46110-600 User Manual page 31

VPN Router Security — Servers, Authentication, and Certificates

Figure 3 Authentication server validation flowchart

[Flowchart image not reproduced; only its node labels survive. The chart covers authentication by UID, certificate, or group ID (IPsec only) against LDAP, RADIUS, or a CA; decision points for subject DN or alt name found, UID found, password correct, valid ISAKMP signature (see #1 and #2 below), CRL enabled and CRL signature valid for the CA, user certificate not revoked and within lifetime, and RADIUS class attribute returned; and outcomes of Reject Request, Assign Group Attributes (from RADIUS, from the CA, or the default group), and Form Tunnel after client-side authentication of the server (send server certificate and ISAKMP signature).]

Chapter 1 Authentication services 21
