D-Link DFL-260-IPS-12 Product Manual - Page 367
Connection Timeouts, Authentication Source, Interface, Originator IP, Terminator IP, Idle Timeout
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 367 highlights
8.2.5. Authentication Rules Chapter 8. User Authentication This is the IKE authentication method which is used as part of VPN tunnel establishment with IPsec. XAuth is an extension to the normal IKE exchange and provides an addition to normal IPsec security which means that clients accessing a VPN must provide a login username and password. It should be noted that an interface value is not entered with an XAuth authentication rule since one single rule with XAuth as the agent will be used for all IPsec tunnels. However, this approach assumes that a single authentication source is used for all tunnels. iv. PPP This is used specifically for L2TP or PPTP authentication. • Authentication Source This specifies that authentication is to be performed using one of the following: i. LDAP - Users are looked up in an external LDAP server database. ii. RADIUS - An external RADIUS server is used for lookup. iii. Disallow - This option explicitly disallows all connections that trigger this rule. Such connections will never be authenticated. Any Disallow rules are best located at the end of the authentication rule set. iv. Local - The local database defined within NetDefendOS is used for user lookup. v. Allow - This option allows all connections that trigger this rule. With this option, all connections that trigger this rule will be authenticated. No authentication database lookup occurs. • Interface The source interface on which the connections to be authenticated will arrive. This must be specified. • Originator IP The source IP or network from which new connections will arrive. For XAuth and PPP, this is the tunnel originator IP. • Terminator IP The terminating IP with which new connections arrive. This is only specified where the Authentication Agent is PPP. Connection Timeouts An Authentication Rule can specify the following timeouts related to a user session: • Idle Timeout How long a connection is idle before being automatically terminated (1800 seconds by default). • Session Timeout 367