Configure RADIUS Server Authentication with Active Directory Users and Groups For Mobile VPN Users

When you use Mobile VPN with L2TP or Mobile VPN with PPTP to authenticate users to your network, you can use the user accounts from your Active Directory server database to authenticate users with your RADIUS server and the RADIUS protocol. You must configure the Mobile VPN settings on your XTM device to enable RADIUS authentication, configure your RADIUS server to get user credentials from your Active Directory database, and configure your Active Directory and RADIUS servers to communicate with your XTM device.

Before You Begin

Before you configure your XTM device to use your Active Directory and RADIUS servers to authenticate your Mobile VPN with L2TP or Mobile VPN with PPTP users, make sure that the settings described in this section are configured on your RADIUS and Active Directory servers. Windows 2008 and 2003 Server are the supported RADIUS server platforms.

For complete instructions to configure your RADIUS server or Active Directory server, see the vendor documentation for each server.

Configure NPS for a Windows 2008 Server

Configure IAS for a Windows 2003 Server

Configure Active Directory Settings

When you configure these settings for your Active Directory server, you enable your RADIUS server to contact your Active Directory server for the user credentials and group information stored in your Active Directory database.

Enable Active Directory Behind a RADIUS Server Authentication for Mobile VPN on Your XTM Device

Before your users can use Mobile VPN with L2TP or Mobile VPN with PPTP to authenticate to your network with their Active Directory credentials, you must enable your XTM device to use a RADIUS server for Mobile VPN with L2TP or Mobile VPN with PPTP authentication.

Before you configure the Mobile VPN with L2TP or Mobile VPN with PPTP settings, make sure that you have added your RADIUS server to the Authentication Servers list on your XTM device. The RADIUS server must have the same IP address and shared secret that you specified when you configured the NPS or IAS settings for your RADIUS server.

For more information about how to add a RADIUS authentication server, see Configure RADIUS Server Authentication.

Configure Mobile VPN with L2TP Settings

By default, Firebox-DB is the selected server for authentication. When you configure Mobile VPN to use your RADIUS server, you can use Firebox-DB as a secondary authentication database if the RADIUS server is not available.

To enable RADIUS server authentication for Mobile VPN with L2TP users:

  1. Select VPN > Mobile VPN with L2TP.
  2. Click Configure.
    The Mobile VPN with L2TP page appears.
  3. Select the Authentication tab.
  4. In the Authentication Server list, select the check box for your RADIUS server.
  5. If the RADIUS server is not the first server in the Authentication Server list, click Make Default.
    The RADIUS server moves to the top of the list.
  6. To use only the RADIUS server for authentication, clear the Firebox-DB check box.
  7. In the Authentication Users and Groups list, make sure the L2TP-Users group appears.
    The Authentication Server can be Any or RADIUS.
  8. Make any additional changes to the Mobile VPN with L2TP configuration.

For more information about how to configure the settings for Mobile VPN with L2TP, see Edit the Mobile VPN with L2TP Configuration.

Configure Mobile VPN with PPTP Settings

To enable RADIUS server authentication for Mobile VPN with PPTP users:

  1. Select VPN > Mobile VPN with PPTP.
  2. Select the Use RADIUS authentication for PPTP users check box.

For more information about how to configure the settings for Mobile VPN with PPTP, see Configure Mobile VPN with PPTP.

See Also

About L2TP User Authentication

Edit the Mobile VPN with L2TP Configuration

Configure Mobile VPN with PPTP
