Network and Security Manager Administration Guide
1. In the navigation tree, double-click the Object Manager, select User Objects, then select External Users. In the main display area, click the Add icon and select New to display the New External User dialog box.
2. Enter a name, color, and comment for the external user.
3. Click OK to save the external user object.

Configuring External User Groups
External User Group objects represent user groups that are managed on non-security
devices, such as an external RADIUS or SecurID server. When an external user group is
included in a security policy (under Authentication rule options), the security device uses
the external server to authenticate those users.
To use an external user group in a VPN, however, you must also create local user objects
with IKE authentication for each external user. In phase 1 of IKE negotiations, the security
device authenticates the external user group using the RADIUS server. In phase 2 of IKE
negotiations, the device uses the local user object or local user group for authentication.
Typically, you configure the local user object with IKE authentication and a U-FQDN
(e-mail address); during phase 2, the device prompts the user for their U-FQDN for
authentication.
To add an external user group object:
1. In the navigation tree, select Object Manager > User Objects > External User Groups. In the main display area, click the Add icon and select New to display the New External Group dialog box.
2. Enter a name for the external user group. The name must match the name of the user group as configured on the external server.
3. Enter a color and comment for the external user group.
4. Configure the authentication methods for the user group:
   - XAuth. Enables XAuth authentication for the user group.
   - Auth. Enables local authentication against a username and password stored in a security device's local database.
     NOTE: All passwords handled by NSM are case-sensitive.
   - L2TP. Enables authentication in the L2TP tunnel that users in the group use to connect to the device.
5. Click OK to save the new group.
Using Radius with User Groups
In this example, you configure an external RADIUS auth server named radius1 and define
an external auth user group named auth_grp2. You define the external auth user group
auth_grp2 in two places: on the external RADIUS auth server "radius1," and in NSM. For the
Copyright © 2010, Juniper Networks, Inc.