R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

361

362

363

364

365

366

367

368

369

370

361

NOTE:

• To enable RADIUS authentication in the SSL VPN system, navigate to User > RADIUS pa

e to confi

ure

a RADIUS scheme named system. If the RADIUS server is an IMC server, you must specify the service

type as Extended in the RADIUS scheme. For more configuration information, see

Access Control

Configuration Guide

• For successful RADIUS authentication of a user, you must also confi

ure the account information and the

user group attribute information for the user on the RADIUS authentication server, and make sure that

the user groups configured on the RADIUS authentication server exist on the SSL VPN gateway.

Otherwise, the user cannot log in. The gateway supports up to 16 user

roups for a user. Make sure tha

the number of user groups specified for a user on the authentication server is equal to or less than the

limit.

Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree. Click the

RADIUS Authentication tab to enter the RADIUS authentication configuration page, as shown in Figure

Figure 252 RADIUS authentication

Table 53 Configuration items

Item Descri

tion

Enable RADIUS

authentication

Select this item to enable RADIUS authentication.

Authentication policy

Select an authentication policy for RADIUS authentication. Options include Password

and Password+Certificate.

Enable RADIUS

accounting

Select this item to enable RADIUS accounting.

Upload virtual

address

With this item selected, the system uploads the IP address of the client's virtual network

adapter to the RADIUS server after RADIUS accounting succeeds.

Configuring LDAP authentication

The Lightweight Directory Access Protocol (LDAP) is a cross-platform, standard directory service system

that is based on TCP/IP. It is developed on the basis of the X.500 protocol but is better than X.500 in

data reading, browsing, and search.

LDAP is suitable for saving data that will not change frequently. A typical application of LDAP is to save

user information of a system. For example, Microsoft Windows operating systems use an Active Directory

Server to save user information and user group information, providing LDAP based authentication and

authorization for Windows users. The SSL VPN system can cooperate with an LDAP server to provide

LDAP authentication and obtain resource access rights for users.