RADIUS Authentication with Active Directory For Mobile VPN Users

You can configure your Firebox so that mobile VPN users with Active Directory accounts can authenticate through your RADIUS server.

You must configure the Mobile VPN settings on your Firebox to enable RADIUS authentication, configure your RADIUS server to get user credentials from your Active Directory database, and configure your Active Directory and RADIUS servers to communicate with your Firebox.

Before You Begin

Before you configure your Firebox to use your Active Directory and RADIUS servers to authenticate your Mobile VPN with L2TP or Mobile VPN with PPTP users, make sure that the settings described in this section are configured on your RADIUS and Active Directory servers.

For complete instructions to configure your RADIUS server or Active Directory server, see the vendor documentation for each server.

Configure Network Policy Server (NPS) for a Windows 2016 or 2012 R2 Server

NPS is the Microsoft implementation of RADIUS.

  • In Windows Server Manager, install Network Policy Server, which is part of the Network Policy and Access Services role.
  • Register the NPS server in Active Directory so that NPS has permissions to access Active Directory user account credentials.
  • Add your Firebox as a RADIUS client. You must include the IP address of your Firebox, specify the RADIUS Standard vendor, and set a manual shared secret for the RADIUS client and Firebox.
  • Configure the default Connection Request Policy with these settings:
    • Specify unencrypted authentication (PAP or SPAP).
    • Add the attribute Filter-ID to the policy and specify L2TP-Users or PPTP-Users as the value.
    • Specify Access granted as the access permissions for the policy, and do not specify an EAP type.
  • In the settings for Connections to other access servers, grant access.

For step-by-step instructions, see Configure Windows Server 2012 R2 to authenticate PPTP or L2TP users with RADIUS and Active Directory in the WatchGuard Knowledge Base.

Configure Internet Authentication (IAS) for a Windows 2003 Server

Configure Active Directory Settings

When you configure these settings for your Active Directory server, you enable your RADIUS server to contact your Active Directory server for the user credentials and group information stored in your Active Directory database.

  • In Active Directory Users and Computers on your Active Directory server, make sure that the remote access permissions are configured to Allow access to users.
  • Register NPS or IAS with your Active Directory server.

Enable RADIUS Authentication with Active Directory for Mobile VPN

Before your users can use Mobile VPN with L2TP or Mobile VPN with PPTP to authenticate to your network with their Active Directory credentials, you must enable your Firebox to use a RADIUS server for Mobile VPN with L2TP or Mobile VPN with PPTP authentication.

Before you configure the Mobile VPN with L2TP or Mobile VPN with PPTP settings, make sure that you have added your RADIUS server to the Authentication Servers list on your Firebox. The RADIUS server must have the same IP address and shared secret that you specified when you configured the NPS or IAS settings for your RADIUS server.

For more information about how to add a RADIUS authentication server, see Configure RADIUS Server Authentication.
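
The NPS policy settings above (PAP, a Filter-ID value such as L2TP-Users) and the requirement that the Firebox and the RADIUS server hold the same shared secret map directly onto fields of the RADIUS exchange defined in RFC 2865. The following Python sketch is an added example, not WatchGuard or Microsoft code; it builds both sides of that exchange with hypothetical function names and a constructed user, password and secrets, and shows the result of a matching and a mismatched shared secret.

```python
import hashlib, hmac, os, struct
USER_NAME, USER_PASSWORD, FILTER_ID = 1, 2, 11  # RFC 2865 attribute types
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2            # RFC 2865 packet codes

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def pap_crypt(data, secret, req_auth, decrypt=False):
    """RFC 2865 section 5.2 hiding: XOR each 16-byte block with MD5(secret + previous)."""
    if not decrypt:
        data += b"\x00" * (-len(data) % 16)      # pad plaintext to whole blocks
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += block
        prev = data[i:i + 16] if decrypt else block  # always chain on ciphertext
    return out.rstrip(b"\x00") if decrypt else out

def parse_attrs(packet):
    attrs, i = {}, 20                            # attributes follow the 20-byte header
    while i + 2 <= len(packet) and 2 <= packet[i + 1] <= len(packet) - i:
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]  # stops at a malformed attribute
        i += packet[i + 1]
    return attrs

def access_request(ident, user, password, secret, req_auth):
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, pap_crypt(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(request, secret, filter_id):
    """Server side: Access-Accept carrying Filter-Id, signed with the server's secret."""
    attrs = attr(FILTER_ID, filter_id)
    head = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def verify_accept(reply, req_auth, secret):
    """Client side: return Filter-Id only if the Response Authenticator checks out."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    ok = reply[0] == ACCESS_ACCEPT and hmac.compare_digest(expected, reply[4:20])
    return parse_attrs(reply).get(FILTER_ID) if ok else None

def exchange(client_secret, server_secret, password=b"Constructed-Passw0rd!"):
    """Constructed sample data; returns (password the server decodes, Filter-Id the client accepts)."""
    req_auth = os.urandom(16)
    req = access_request(7, b"alice", password, client_secret, req_auth)
    seen = pap_crypt(parse_attrs(req)[USER_PASSWORD], server_secret, req_auth, decrypt=True)
    reply = access_accept(req, server_secret, b"L2TP-Users")
    return seen, verify_accept(reply, req_auth, client_secret)
```

With identical secrets, `exchange` returns the original password and `b"L2TP-Users"`; with different secrets the server decodes garbage and the client discards the reply. PAP hides the password only with MD5 keyed by the shared secret, so the length and randomness of that secret are what protect credentials between the Firebox and the RADIUS server.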

Configure Mobile VPN with L2TP Settings

By default, Firebox-DB is the selected server for authentication. When you configure Mobile VPN to use your RADIUS server, you can use Firebox-DB as a secondary authentication database if the RADIUS server is not available.

To enable RADIUS server authentication for Mobile VPN with L2TP users, from Fireware Web UI:

  1. Select VPN > Mobile VPN with L2TP.
  2. Click Configure.
    The Mobile VPN with L2TP page appears.
  3. Select the Authentication tab.
  4. In the Authentication Server list, select the check box for your RADIUS server.
  5. If the RADIUS server is not the first server in the Authentication Server list, click Make Default.
    The RADIUS server moves to the top of the list.
  6. To only use the RADIUS server for authentication, clear the Firebox-DB check box.
  7. In the Authentication Users and Groups list, make sure the L2TP-Users group appears.
    The Authentication Server can be Any or RADIUS.
  8. Make any additional changes to the Mobile VPN with L2TP configuration.

To enable RADIUS server authentication for Mobile VPN with L2TP users, from Policy Manager:

  1. Select VPN > Mobile VPN > L2TP > Configure.
    The Mobile VPN with L2TP Configuration dialog box appears.
  2. Select the Authentication tab.
  3. In the Authentication Server list, select the check box for your RADIUS server.
  4. If the RADIUS server is not the first server in the Authentication Server list, click Make Default.
    The RADIUS server moves to the top of the list.
  5. To only use the RADIUS server for authentication, clear the Firebox-DB check box.
  6. In the Authorized Users and Groups list, make sure the L2TP-Users group appears.
    The Authentication Server can be Any or RADIUS.
  7. Make any additional changes to the Mobile VPN with L2TP configuration.

For more information about how to configure the settings for Mobile VPN with L2TP, see Edit the Mobile VPN with L2TP Configuration.

Configure Mobile VPN with PPTP Settings

To enable RADIUS server authentication for Mobile VPN with PPTP users, from Fireware Web UI:

  1. Select VPN > Mobile VPN with PPTP.
  2. Select the Use RADIUS authentication for PPTP users check box.

To enable RADIUS server authentication for Mobile VPN with PPTP users, from Policy Manager:

  1. Select VPN > Mobile VPN > PPTP.
    The Mobile VPN with PPTP Configuration dialog box appears.
  2. Select the Use RADIUS to authenticate Mobile VPN with PPTP users check box.

For more information about how to configure the settings for Mobile VPN with PPTP from Fireware Web UI, see Configure Mobile VPN with PPTP.

See Also

About L2TP User Authentication

Edit the Mobile VPN with L2TP Configuration

Configure Mobile VPN with PPTP
