Example: Configuring Xauth Authentication With External User Group - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

Example: Configuring XAuth Authentication with External User Group

588
can use static or dynamic routes, however, this example details only the static route
creation. For each device, you will create two routes using the trust virtual router (trust-vr):
A route from 0.0.0.0/0 to eth3 in the untrust zone. This routes traffic from the trust
zone through eth3 in the untrust zone, then to the next hop (default) gateway.
A route from the tunnel.1 interface (autogenerated by VPN Manager) to the untrust
zone of the remote VPN node. This routes traffic destined for the remote VPN node
through the tunnel.1 interface (where the packets are encapsulated), with a default
next hop gateway of 0.0.0.0/0.
Configure the route on the Tokyo security device.
In Device Manager, double-click the device to open the device configuration dialog
1.
box. Select Network > Virtual Router to display the list of virtual routers on the
device.
Double-click the trust-vr route to open the vr for editing. In the virtual router dialog
2.
box, click Routing Table, then click the Add icon under destination-based Routing
Table to add a new static route.
Configure a route from the untrust interface to the gateway.
3.
Configure route from the trust zone to the tunnel interface.
4.
Click OK to save your changes to the virtual router, then click OK to save your changes
5.
to the Tokyo device.
Configure the route on the Paris security device:
6.
In Device Manager, double-click the device to open the device configuration dialog
7.
box. Select Network > Virtual Router to display the list of virtual routers on the
device.
Double-click the trust-vr route to open the vr for editing. In the virtual router dialog
8.
box, click Routing Table, then click the Add icon under destination-based Routing
Table to add a new static route.
Configure a route from the untrust interface to the gateway.
9.
Configure route from the trust zone to the tunnel interface.
10.
Click OK to save your changes to the virtual router, then click OK to save your changes
11.
to the Paris device.
In this example, you use a VPN to enable access for a group of resellers who require
access to FTP servers in the corporate LAN. First, you must configure the RADIUS server
using the custom port 4500 (default is 1645), then add an authentication server object
in NSM to represent that server.
Next, to manage the users in this example, you define an external user group in two
places: on the external RADIUS auth server and in NSM.
Copyright © 2010, Juniper Networks, Inc.