294
8
8. Manage Users, Authentication, and
VPN Certificates
This chapter describes how to manage users, authentication, and security certificates for IPSec
VPN and SSL VPN. The chapter contains the following sections:
• The Wireless VPN Firewall’s Authentication Process and Options
• Configure Authentication Domains, Groups, and Users
• Manage Digital Certificates for VPN Connections
The Wireless VPN Firewall’s Authentication Process and
Options
Users are assigned to a group, and a group is assigned to a domain. Therefore, you should
first create any domains, then groups, then user accounts.
Note: Do not confuse the authentication groups with the LAN groups that
are discussed in
Manage IPv4 Groups and Hosts (IPv4 LAN
Groups) on page 67.
You need to create name and password accounts for all users who need to be able to
conn
ect to the wireless VPN firewall. This includes administrators, guests, and SSL VPN
clients. Accounts for IPSec VPN clients are required only if you have enabled extended
authentication (XAUTH) in your IPSec VPN configuration.
Users connecting to the wireless VPN firewall need to be authenticated before being allowed
to access the
wireless VPN firewall or the VPN-protected network. The login screen that is
presented to the user requires three items: a user name, a password, and a domain
selection. The domain determines the authentication method that is used and, for SSL
connections, the portal layout that is presented.
Note: IPSec VPN and L2TP users do not belong to a domain and are not
assigned to a group.