Chapter 40 AAA Server
40.1.2 RADIUS Server Overview
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular
protocol used to authenticate users by means of an external server instead of (or
in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS authentication allows you to validate a
large number of users from a central location.
Figure 426 RADIUS Server Network Example
40.1.3 ASAS
ASAS (Authenex Strong Authentication System) is a RADIUS server that works
with the One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in
order to use this feature. The package contains server software and physical OTP
tokens (PIN generators). Do the following to use OTP. See the documentation
included on the ASAS' CD for details.
Install the ASAS server software on a computer.
1
Create user accounts on the ZyWALL and in the ASAS server.
2
Import each token's database file (located on the included CD) into the server.
3
Assign users to OTP tokens (on the ASAS server).
4
Configure the ASAS as a RADIUS server in the ZyWALL's Object > AAA Server
5
screens.
Give the OTP tokens to (local or remote) users.
6
40.1.4 What You Can Do Using The AAA Screens
• Use the Object > AAA Server > Active Directory (or LDAP) screens
40.2.1 on page
settings.
• Use the Object > AAA Server > RADIUS screen
to configure the default external RADIUS server to use for user authentication.
648
651) to configure the Active Directory or LDAP default server
(Section
(Section 40.4 on page
ZyWALL USG 2000 User's Guide
654)