Auth. Method Overview; Before You Begin; Example: Selecting A Vpn Authentication Method - ZyXEL Communications USG40 User Manual

Table 246 Configuration > Object > AAA Server > RADIUS > Add (continued)
LABEL
Timeout
NAS IP Address
Case-sensitive
User Names
Key
Group
Membership
Attribute
OK
Cancel

32.9 Auth. Method Overview

Authentication method objects set how the ZyWALL/USG authenticates wireless, HTTP/HTTPS
clients, and peer IPSec routers (extended authentication) clients. Configure authentication method
objects to have the ZyWALL/USG use the local user database, and/or the authentication servers
and authentication server groups specified by AAA server objects. By default, user accounts created
and stored on the ZyWALL/USG are authenticated locally.
• Use the Configuration > Object > Auth. Method screens
create and manage authentication method objects.

32.9.1 Before You Begin

Configure AAA server objects before you configure authentication method objects.

32.9.2 Example: Selecting a VPN Authentication Method

After you set up an authentication method object in the Auth. Method screens, you can use it in
the VPN Gateway screen to authenticate VPN users for establishing a VPN connection. Refer to the
chapter on VPN for more information.
Follow the steps below to specify the authentication method for a VPN connection.
Chapter 32 Object
DESCRIPTION
Specify the timeout period (between 1 and 300 seconds) before the ZyWALL/USG
disconnects from the RADIUS server. In this case, user authentication fails.
Search timeout occurs when either the user information is not in the RADIUS server or the
RADIUS server is down.
Type the IP address of the NAS (Network Access Server).
Select this if you want configure your username as case-sensitive.
Enter a password (up to 15 alphanumeric characters) as the key to be shared between the
external authentication server and the ZyWALL/USG.
The key is not sent over the network. This key must be the same on the external
authentication server and the ZyWALL/USG.
A RADIUS server defines attributes for its accounts. Select the name and number of the
attribute that the ZyWALL/USG is to check to determine to which group a user belongs. If
it does not display, select user-defined and specify the attribute's number.
This attribute's value is called a group identifier; it determines to which group a user
belongs. You can add ext-group-user user objects to identify groups based on these
group identifier values.
For example you could have an attribute named "memberOf" with values like "sales", "RD",
and "management". Then you could also create a ext-group-user user object for each
group. One with "sales" as the group identifier, another for "RD" and a third for
"management".
Click OK to save the changes.
Click Cancel to discard the changes.
ZyWALL/USG Series User's Guide
(Section 32.9.3 on page
576
577) to