Authenticating Remote Ipsec Vpn Users Using Dialup Groups - Fortinet FortiGate User Manual

Configuring authenticated access

Authenticating remote IPSec VPN users using dialup groups

1
2
3
4
5
6
7
FortiGate User Authentication Version 1 Guide
01-28007-0233-20050825
An IPSec VPN on a FortiGate unit can authenticate remote users through a dialup
group instead of using peer IDs. For information about authentication using peer
IDs and peer groups, see "Enabling VPN peer identification" in the FortiGate VPN
Guide.
Authentication through user groups is supported for groups containing only local
users. To authenticate users using a RADIUS or LDAP server, you must configure
XAUTH settings. See "Enabling XAuth authentication for dialup IPSec VPN
clients" on page 24.
To configure user group authentication for dialup IPSec - web-based
manager
Configure the dialup users who are permitted to use this VPN. Create a user
group and add them to it.
For more information, see
Go to VPN > IPSec > Phase 1.
Select Create New or select Edit on an existing VPN gateway.
From the Remote Gateway list, select Dialup User.
From the Authentication method list, select Preshared key.
In Peer Options, select Accept peer ID in dialup group and then select the user
group that is to be allowed access to the VPN.
The listed user groups contain only users with passwords on the FortiGate unit.
This peer option does not support authentication of users through an
authentication server.
Select OK.
To configure user group authentication for dialup IPSec - CLI
config vpn ipsec phase1
edit <gateway_name>
set peertype dialup
set usrgrp <user_group_name>
end
"Users and user groups" on page
VPN authentication
15.
23