Overview of Configuration Steps |
Installation of SMS PASSCODE server
| Field | Menu | Value |
|---|---|---|
| RADIUS client protection | SMS PASSCODE -> Install Shield Wizard | Enabled |
| Field | Menu | Value |
|---|---|---|
| Enable AD Integration | Settings -> General | Enabled (single domain mode) |
| Mobile number required | Policies -> User Integration Policies | Enabled |
| AD Credentials | Policies -> User Integration Policies | Login/Password |
| Group Name | Policies -> User Integration Policies | e.g. SMS PASSCODE Users |
| Field | Menu | Value |
|---|---|---|
| Enable this RADIUS client | Network Policy Server -> RADIUS Clients | Enabled |
| Friendy name | Network Policy Server -> RADIUS Clients | e.g. SMA Passcode GW |
| Address (IP or DNS) | Network Policy Server -> RADIUS Clients | e.g. 172.16.105.141 |
| Shared secret | Network Policy Server -> RADIUS Clients | e. g. supersecret |
| Field | Menu | Value |
|---|---|---|
| Authentication Type | System Management -> Remote Authentication -> RADIUS -> New | XAUTH |
| Server IP Address | System Management -> Remote Authentication -> RADIUS -> New | e.g. 172.16.105.131 |
| RADIUS Password | System Management -> Remote Authentication -> RADIUS -> New | e. g. supersecret |
| Field | Menu | Value |
|---|---|---|
| IP Pool Name | VPN -> IPSec -> IP Pools -> Add | e.g. IPSec Pool |
| IP Pool Range | VPN -> IPSec -> IP Pools -> Add | e.g. 10.10.10.1 - 10.10.10.100 |
| Field | Menu | Value |
|---|---|---|
| Description | VPN -> IPSec -> XAUTH Profiles -> New | e.g. SMS Passcode |
| Role | VPN -> IPSec -> XAUTH Profiles -> New | Server |
| Mode | VPN -> IPSec -> XAUTH Profiles -> New | RADIUS |
| Field | Menu | Value |
|---|---|---|
| Description | VPN -> IPSec -> IPSec Peers -> New | e.g. SMS Passcode Users |
| Preshared Key | VPN -> IPSec -> IPSec Peers -> New | e. g. supersecret |
| IP Address Assignment | VPN -> IPSec -> IPSec Peers -> New | Server In IKE Configuration Mode |
| IP Assignment Pool | VPN -> IPSec -> IPSec Peers -> New | IPSec Pool |
| Local IP Address | VPN -> IPSec -> IPSec Peers -> New | e.g. 172.16.105.141 |
| Phase 1 Profile | VPN -> IPSec -> IPSec Peers -> New -> Advanced Settings | None (use Default Profile) |
| Phase 2 Profile | VPN -> IPSec -> IPSec Peers -> New -> Advanced Settings | None (use Default Profile) |
| XAUTH Profile | VPN -> IPSec -> IPSec Peers -> New -> Advanced Settings | SMS Passcode |
| Number of Admitted Connections | VPN -> IPSec -> IPSec Peers -> New -> Advanced Settings | Several users |
Configuration of bintec Secure IPSec Client
| Field | Menu | Value |
|---|---|---|
| Connection Type | Wizard for new profile | Connection to company network via IPSec |
| Profile Name | Wizard for new profile | Head Office |
| Connection Medium | Wizard for new profile | LAN (over IP) |
| Gateway (Tunnel Endpoint) | Wizard for new profile | e.g. vpngateway.bintec-elmeg.com |
| Advanced authentication (XAUTH) | Wizard for new profile | Enabled |
| Login name | Wizard for new profile | e.g. mustermann |
| Password | Wizard for new profile | e. g. supersecret |
| Exchange Mode | Wizard for new profile | Aggressive Mode |
| PFS Group | Wizard for new profile | DH Group 2 (1024 Bit) |
| Shared secret | Wizard for new profile | e.g. bintec elmeg |
| Shared Secret (Retry) | Wizard for new profile | e.g. bintec elmeg |
| Type | Wizard for new profile | e.g. Fully Qualified Username |
| ID | Wizard for new profile | e.g. client1@bintec-elmeg.com |
| IP address assignment | Wizard for new profile | Use IKE Config Mode |
| Stateful Inspection | Wizard for new profile | off |
| NetBIOS over IP | Wizard for new profile | Enabled |
| Copyright© Version 08/2020 bintec elmeg GmbH |