Celestix E6600 Installation Manual page 34

E series
Table of Contents

Advertisement

Enable for mobile computers only – allow only mobile computers in the specified
iv.
security groups to connect through DirectAccess.
Important: Remote Access will create a WMI filter that will only allow mobile
computers to join DirectAccess security groups. This setting requires that the
administrator account configured for Remote Access have create/modify privileges.
Enable Windows 7 Client Support – select for environments that require support for
v.
Windows 7 clients.
IPsec Root Certificate – conditional; designate a certificate to validate
vi.
authentication for client connections; required for Windows 7 users, and
recommended for Windows 8. See the following:
Intermediate CA – select if the certificate was not imported from the domain root CA.
vii.
viii.
Click Next.
2. VPN
a. Address Assignment
Assign addresses automatically – use DHCP to assign client addresses.
i.
Assign addresses from a static address pool – enter a range of IP addresses that
ii.
RRAS will assign to clients when they connect to the network.
b. Authentication
Use Windows Authentication – use AD to authenticate users.
i.
Use RADIUS Authentication – configure VPN connections to use RADIUS
ii.
authentication.
3. Finish – review the settings; click Next to configure.
Configure DirectAccess services only
1. DirectAccess
a. Basic – define the appliance location and the URL that clients will use to access resources.
i.
Select the type of network environment:
33
• The infrastructure connection remains active, so manage out capabilities are
not affected.
• If GPOs are used to push security certificates to domain servers, use the
Certificate drop menu to select the certificate issued from the domain root CA.
• If the certificate needs to be added manually, use the import feature:
1. Click the Import button.
a. Certificate Import – navigate to and select the certificate that
will be used for authentication.
b. Password – enter the certificate passphrase.
c. Click the Import button.
2. The imported certificate should display in the Certificate field. If not,
use the drop menu to select it.
Enter the start and end IP addresses to define the range.
1. Radius Server – designate the server name or IP address.
2. Shared Secret – create a secret to authenticate communication between the
appliance and RADIUS server.
3. Confirm – confirm the shared secret.
4. Timeout – the default is usually sufficient, but customize the duration the
appliance will try to connect to the RADIUS server as necessary.
5. Score – the default is usually sufficient, but customize the initial
responsiveness score as necessary.
6. Port – the default is UPD 1812 for authentication. Legacy RADIUS servers
may use 1646.
7. Always use message authenticator – select if the attribute Request must
contain the Message Authenticator attribute has been configured on the
RADIUS server.
• Edge – requires two network adapters; one to the public Internet and one to
the internal network.
E Series Installation Guide

Advertisement

Table of Contents
loading

Table of Contents