HP 6600 Security Configuration Manual page 412

Password—Authenticates only a user's password.
Password+Certificate—Authenticates a user's password and client certificate.
Certificate—Authenticates only a user's client certificate.
RADIUS authentication supports only two authentication policies: password and password+certificate.
Configuring local authentication
Local authentication authenticates users by using the user information saved on the SSL VPN gateway.
This authentication method is the fastest because user information is locally saved, and the SSL VPN
gateway does not need to exchange information with an external authentication server. However, the
number of local users is limited by the capacity of the SSL VPN gateway.
1. Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree.
The Local Authentication tab appears.
Figure 174 Local authentication
2. Select an authentication mode for local authentication. Options include Password,
Password+Certificate, and Certificate.
3. Click Apply.
Configuring RADIUS authentication
RADIUS is a distributed information exchange protocol that uses the client/server model to protect
networks against unauthorized access. It is usually deployed in networks that require secure remote
access. The SSL VPN system can work seamlessly with an enterprise's existing RADIUS server
to provide RADIUS authentication. Users in the enterprise can use their original accounts for RADIUS
authentication through SSL VPN.
To enable RADIUS authentication in the SSL VPN system, first configure a RADIUS scheme named system
at the CLI of the router. For more information about RADIUS and the RADIUS configuration at the CLI, see
"Configuring RADIUS."
For successful RADIUS authentication of a user, you must also configure the account information and the
user group attribute information for the user on the RADIUS authentication server, and make sure the user
groups configured on the RADIUS authentication server exist on the SSL VPN gateway. Otherwise, the
user cannot log in. The maximum number of user groups that the gateway supports is 100. Make sure the
number of user groups specified for a user on the authentication server is equal to or less than the limit.
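The two requirements above (every group assigned on the RADIUS server must exist on the gateway, and no user may carry more than 100 groups) can be checked before rollout. The following is an added example, not part of the HP manual: it assumes the RADIUS server's user-to-group assignments have been exported as "user,group" CSV rows and that group names must match exactly; all names in the sample data are hypothetical.

```python
import csv
import io

MAX_USER_GROUPS = 100  # gateway limit stated in the manual


def load_radius_groups(csv_text):
    """Parse 'user,group' rows (assumed export format) into {user: set(groups)}."""
    users = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 2 or row[0].lstrip().startswith("#"):
            continue  # skip blank, malformed and comment rows
        user, group = (field.strip() for field in row)
        if user and group:
            users.setdefault(user, set()).add(group)
    return users


def check_users(radius_users, gateway_groups, limit=MAX_USER_GROUPS):
    """Return {user: [problems]} for users that violate either requirement."""
    gateway_groups = set(gateway_groups)  # exact-match comparison (assumption)
    findings = {}
    for user, groups in sorted(radius_users.items()):
        problems = []
        missing = sorted(groups - gateway_groups)
        if missing:
            problems.append("groups not on gateway: " + ", ".join(missing))
        if len(groups) > limit:
            problems.append(f"{len(groups)} groups exceeds limit of {limit}")
        if problems:
            findings[user] = problems
    return findings


# Constructed sample data: users and group names are hypothetical.
GATEWAY_GROUPS = ["Staff", "Guests", "Admins"]
RADIUS_EXPORT = """\
# user,group
alice,Staff
alice,Admins
bob,Staff
bob,Contractors
carol,Guests
"""

if __name__ == "__main__":
    report = check_users(load_radius_groups(RADIUS_EXPORT), GATEWAY_GROUPS)
    for user, problems in report.items():
        print(user, "->", "; ".join(problems))
```
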
1. Configure a RADIUS scheme:
A RADIUS scheme defines a set of parameters that the device uses to exchange information with
the RADIUS servers. There might be authentication servers and accounting servers, or primary
servers and secondary servers. The parameters mainly include the IP addresses of the servers, the
shared keys, and the RADIUS server type. By default, no RADIUS scheme exists.
To configure a RADIUS scheme:
a. Select Authentication > RADIUS from the navigation tree.

This manual is also suitable for:

Hsr6600
