Table of Contents
Advertisement
C
H A P T E R
This chapter introduces and shows you how to configure the ZyWALL to use external
authentication servers.
38.1 AAA Server Overview
You can use an AAA (Authentication, Authorization, Accounting) server to provide access
control to your network.
The following lists the types of authentication server the ZyWALL supports.
• Local user database
The ZyWALL uses the built-in local user database to authenticate administrative users
logging into the ZyWALL's web configurator or network access users logging into the
network through the ZyWALL. You can also use the local user database to authenticate
VPN users.
• Directory Service (LDAP/AD)
LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory
service that is both a directory and a protocol for controlling access to a network. The
directory consists of a database specialized for fast information retrieval and filtering
activities. You create and store user profile and login information on the external server.
• RADIUS
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular
protocol used to authenticate users by means of an external or built-in RADIUS server.
RADIUS authentication allows you to validate a large number of users from a central
location.
38.1.1 ASAS
ASAS (Authenex Strong Authentication System) is a RADIUS server that works with the
One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in order to use this
feature. The package contains server software and ZyWALL OTP tokens. Do the following to
use OTP. See the documentation included on the ASAS' CD for details.
1 Install the ASAS server software on a computer.
2 Create user accounts on the ZyWALL and in the ASAS server.
3 Import each token's database file (located on the included CD) into the server.
4 Assign users to OTP tokens (on the ASAS server).
ZyWALL USG 1000 User's Guide
38
AAA Server
531
Advertisement
Table of Contents
Troubleshooting
