Multitech RF760 User's Guide Page 131
- Page / 189
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 7 – User Authentication Methods
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 131
Authentication Setup
Choose one of the following setup methods.
Setting Up RADIUS Authentication
To set up RADIUS Authentication, first you need a RADIUS server on your network. The server can be anywhere on the
Internet, but keep in mind that passwords are transferred in clear text. Therefore, we strongly recommend putting the
RADIUS server somewhere near your RouteFinder and to use a switched Network hub to connect them.
Choosing the RADIUS server is up to you. Below is some generic setup information.
The RouteFinder will send a RADIUS authentication packet with three fields:
1. Username
2. Password in plain text (PAP)
3. The proxy type ("http" or "socks") in the NAS-Identifier field based on these values, your RADIUS server should
just decide to grant or deny access.
Setting Up A Microsoft IAS RADIUS Server
This section explains how to set up a Microsoft IAS (Internet Authentication Server). IAS is delivered with all Windows
2000 Server versions. However, it is often not installed by default. For NT4, IAS comes with the "NT4 Option Pack"
(available for "free"). The Windows 2000 IAS version has many more features than NT4 IAS; however, the NT4 version
is also sufficient for a typical RouteFinder authentication setup. Below are some generic IAS step-by-step instructions.
1. Check if the IAS service is installed. If not, install it.
2. Using NT/2000 User Manager, edit the user profiles of all Users who should use proxy services, and set the
"Dial-In Permission" flag. This is necessary since IAS uses the "master flag" to respond to requests positively.
3. Create a new user group for each proxy service you wish to provide to your users. For clarity, give the groups
descriptive names (for example, call the group "multitech _http_users").
4. Put the users in the newly created groups for using the respective proxy services.
5. Enter the IAS administration interface at
(Start->Programs->Administrative Tools->Internet Authentication Service), and add a new client using
these settings:
Friendly Name: routefinder
Protocol: RADIUS
Client Address: Use the address of the RouteFinder's interface pointing "towards" the RADIUS
server (this will be the "internal" interface for most people).
Client Vendor: RADIUS Standard
Uncheck the Client must always send signature attribute ... box.
Select a shared secret. You will need this later in RouteFinder configuration.
6. Go to the policy list. There is one pre-defined entry. Delete it. Add a new Policy for each proxy service you
wish to provide to your users. Choose the "Friendly Name" accordingly ("SOCKS access" for example).
7. On the next screen, add two conditions:
• NAS-Identifier matches <string> (where <string> is the proxy identifier, currently "socks" or "http")
• Windows-Groups matches <yourgroup> (where <yourgroup> is one of the newly created user groups).
Note: You can add groups from the local machine or from Domains in which the RADIUS server is a member.
User may have to specify the user name as <DOMAIN>\<USER> for authentication to succeed.
8. Choose Grant Remote Access Permission in the next screen.
9. Edit the profile on the next screen. Select the Authentication Tab. Check Unencrypted Authentication (PAP).
10. Click OK and Finish. Remember you need one policy for each proxy service.
11. Configure the RADIUS authentication method on the RouteFinder (you will need the IP of the IAS server and
the shared secret), and use the RADIUS authentication method in User Authentication > RADIUS & SAM
settings.
12. Check the System Log in the NT/2000 Event Viewer; that's where NT/2000 puts information about RADIUS
authentication requests.
- RF760/660/600VPN 1
- Internet Security Appliance 1
- User Guide 1
- Contents 3
- Features, and Overview 7
- Feature Highlights 8
- Ship Kit Contents 9
- License Keys 10
- Safety Warnings 11
- RouteFinder Front Panels 12
- RF600VPN 13
- RouteFinder Back Panels 14
- Specifications 15
- Power & Physical 16
- Description 16
- RF760VPN RF660VPN RF600VPN 16
- The Firewall 17
- Protection Mechanisms 18
- Typical Applications 20
- Chapter 2 – Installation 21
- Planning the Network 22
- Installation Overview 23
- RouteFinder VPN 24
- Sub-Menu 27
- Menus and Sub-Menus 27
- Chapter 3 – Configuration 28
- Second Configuration Step 29
- The Wizard Setup Screen 30
- Set Packet Filters 33
- Set VPN IPSec Protocol 34
- Configuring Site B 35
- Using DNAT and Aliasing 37
- Tunneling 38
- Important Settings 39
- Menu Bar 42
- Administration 43
- System Logging 44
- System Time 44
- SNMP Agent – Community Name 44
- Administration > SSH 45
- SNTP Client 46
- SNTP Server Address 46
- Click Save 49
- Intrusion Detection 51
- Network Intrusion Detection 51
- Administration > Tools 52
- Trace Route 53
- TCP Connect 53
- Prerequisite 55
- RADIUS Prerequisite 56
- SAM Prerequisite 57
- Administration > Restart 58
- Administration > Shutdown 58
- Networks & Services 59
- Add Services 61
- Notes About Protocols 62
- About the Screen 63
- Add Network Group 63
- Add Service Group 64
- Proxy > HTTP Proxy 66
- Add Custom URL List 69
- Proxy > SMTP Proxy 71
- SMTP SPAM Filtering 74
- Proxy > POP3 Proxy 77
- POP3 SPAM Protection 78
- POP3 SPAM Filtering 78
- Proxy > SOCKS Proxy 80
- Proxy > DNS Proxy 82
- Network Setup 83
- Network Setup > Interface 84
- Network Cards 85
- IP Aliases 85
- Network Setup > PPP 86
- Network Setup > PPPoE 87
- Dynamic DNS Settings 89
- Network Setup > Routes 90
- Masquerading 91
- Network Setup > SNAT 92
- Network Setup > DNAT 93
- DHCP Server 94
- Tracking 95
- System Update Server 96
- Virus Update Server 96
- Update Services 97
- System Update - Livelog 97
- Virus Update - Livelog 97
- Tracking > Backup 98
- CVS Settings 100
- Examples 100
- Packet Filters 101
- System Defined Rules 102
- Packet Filters > ICMP 103
- Packet Filters > Advanced 104
- Enable/Disable Logging 105
- VPN > IPSec 106
- Add an IKE Connection 107
- Add a Manual Connection 109
- VPN > x.509 Certificates 111
- VPN > IPSec Bridging 111
- VPN > PPTP 112
- PPTP Settings 113
- User Authentication 113
- Wizard Setup 114
- Packet Filter Rule 115
- Modem Settings 115
- Password Settings 115
- Save or Cancel 115
- Statistics & Logs 116
- Uptime 117
- Statistics and Logs 118
- Networks 118
- Network Connections 119
- Interfaces 120
- SMTP Proxy 121
- Self Monitor 123
- Packet Filter 125
- Port Scans 126
- HTTP Access 127
- Methods 130
- Authentication Setup 131
- Chapter 8 – Frequently Asked 133
- Questions (FAQs) 133
- Chapter 9 – Troubleshooting 139
- 1. Abstract 142
- II. Inbound Access Log 143
- III. Outbound Access Log 145
- VII. Admin Port Access Log 147
- VIII. Startup History Log 147
- IX. User Log 147
- X. Fragmented Dropped Log 147
- XI. ICMP Information 148
- What Is a Rescue Kernel? 149
- Before You Start 149
- ISO Image Directions 149
- External Server 150
- External FTP Server 151
- Software Add-ons, Overnight 153
- Replacement 153
- Top Cover Removal 154
- RF660VPN Processor Upgrade 154
- Software Add-ons 156
- CD-ROM Drive Adapter Pin Out 157
- Housekeeping 158
- Monitoring 158
- Updating 159
- Technical Support Contacts 161
- GNU GENERAL PUBLIC LICENSE 168
- ANY REMEDY HEREUNDER 172
- Support 173
- Limited Warranty 174
- Limitation of Liability 174
- Glossary 176
Related products and manuals for Gateways/controllers Multitech RF760
(23 pages)© 2020, manymanuals.com. All rights reserved. | 1.892 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals