Configuration of the VPN gateway
In this scenario, the VPN configuration on the bintec gateway uses a single IPSec peer configuration entry that allows multiple clients to connect simultaneously (IPSec Multi-User). After the IPSec pre-shared key authentication, the one-time authentication between the bintec VPN client and the SMS PASSCODE™ server is completed via the RADIUS server.
Note: Instead of the Multi-User IPSec configuration, there is also the option to create a separate IPSec peer configuration entry for each VPN client. The priority of the Multi-User IPSec peer must always be lower than that of the other IPSec peer configuration entries.
In order to connect the RADIUS server to the bintec VPN gateway, go to System Management -> Remote Authentication -> RADIUS -> New.
Proceed as follows:
Select Authentication Type XAUTH in order to enable authentication via the Windows Server.
Enter the Server IP Address, e.g. 172.16.105.131, to communicate with the Microsoft RADIUS server.
Enter the shared password used for communication between the RADIUS server and your device, e.g. supersecret.
Press OK to confirm your entries.
An address pool must be created in order to assign an IP pool to the VPN profile of the Multi-User IPSec peer.
Go to VPN -> IPSec -> IP Pools -> Add.
Proceed as follows:
Enter the name of the IP pool for IP Pool Name, e.g. IPSec-Pool.
For IP Pool Range, enter the first IP address of the address pool in the first field, e.g. 10.10.10.1.
Enter the last IP address of the address pool in the second field, e.g. 10.10.10.100.
Click Add.
A profile must then be created in order to be able to refer to the RADIUS server.
Go to VPN -> IPSec -> XAUTH Profiles -> New.
Proceed as follows in order to set up a profile:
Enter a Description for this XAuth profile, e.g. SMS Passcode.
Select the Role of the gateway for the XAuth authentication; in this instance, Server.
Under Mode select RADIUS. Authentication is carried out via the RADIUS server.
Confirm with OK.
Now the actual IPSec Peer is created.
Go to VPN -> IPSec -> IPSec Peers -> New.
Proceed as follows:
Enter a Description of the peer which identifies it, e.g. SMS Passcode User.
In this scenario, no IPSec peer ID is saved in order to enable the Multi-User IPSec connections.
Under Preshared Key enter the password agreed with the peer, e.g. supersecret.
For IP Address Assignment, select the configuration mode of the interface; in this instance, Server In IKE Configuration Mode.
Select a configured IP Assignment Pool, e.g. IPSec-Pool.
Enter the LAN IP address of the VPN gateway under Local IP Address, e.g. 172.16.105.141.
Click Advanced Settings.
If you select None (Use Standard Profile), the profile marked as standard under Phase 1 Profile/Phase 2 Profile is used.
Select the XAUTH Profile that has already been configured, e.g. SMS Passcode.
Set Number of Admitted Connections to Multiple Users in order to enable IPSec Multi-User mode.
Leave the remaining settings unchanged and confirm them with OK.
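Added example (not part of the original bintec documentation): a Python sketch of what the shared password from the RADIUS step protects, following RFC 2865: it hides the user's password in the Access-Request and signs the server's reply. It assumes the gateway forwards the XAUTH credentials as an Access-Request with a User-Password attribute; the function names, user name and passcode are made up for illustration.

```python
import hashlib
import hmac
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2  # RADIUS attribute types (RFC 2865)

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR the zero-padded password with an MD5 keystream chained from the shared secret."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """RADIUS server side: reverse hide_password using the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret, authenticator=None):
    """Gateway (RADIUS client) side: return (packet, request_authenticator)."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs, authenticator

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """RADIUS server side: sign a reply (2 = Access-Accept, 3 = Access-Reject) with the shared secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply, request_auth, secret):
    """Gateway side: accept a reply only if its Response Authenticator matches the shared secret."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Constructed sample: the secret is the page's example value, the credentials are made up.
    secret = b"supersecret"
    pkt, ra = build_access_request(1, b"alice", b"123456", secret)
    print(pkt.hex(), reply_is_authentic(build_reply(2, 1, ra, secret), ra, secret))
```

Both the confidentiality of the password and the authenticity of the Accept/Reject decision rest entirely on the shared password, so it should be a long random value rather than a word like the placeholder used in the steps above.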
Copyright © Version 08/2020 bintec elmeg GmbH