SnapGear 2.0.1 User Manual
Page 58
Dialin Setup
54
The following table describes the fields on the Dial-In Setup page:
Field
Description
IP Address for
Dialin clients
Dialin users must be assigned local IP addresses to access
the local network. Specify a free IP address from your local
network that the connected dial-up client will use when
connecting to the CyberGuard SG appliance.
Authentication
Scheme
The authentication scheme is the method the CyberGuard SG
appliance uses to challenge users dialing into the network.
Dialin clients must be configured to use the selected
authentication scheme.
•
MSCHAPv2 is the most secure, and is the only option
that also supports data encryption.
•
CHAP is less secure.
•
PAP (although more common) is even less secure.
•
None means that no username/password
authentication is required for dialin.
Authentication
Database
The authentication database is used to verify the username
and password received from the dialin client.
•
Local means the dialin user accounts created on the
CyberGuard SG appliance. You will need to created
user accounts as described below. This can be used
with any authentication scheme.
•
RADIUS means an external RADIUS server. You will
be prompted to enter the server IP address and
password. This can be used with any authentication
scheme, provided that the RADIUS server also
supports it.
•
TACACS+ means an external TACACS+ server. You
will be prompted to enter the server IP address and
password. This can only be used with the PAP
authentication scheme.
Time Out
If a dialin connection remains inactive, it can be automatically
disconnected after a specified time period. Selecting Enable
idle timeout will disconnect idle connections after 15 minutes.
Idle time can be set between 0 – 99 minutes.
After enabling and configuring the selected CyberGuard SG appliance COM
ports/Modem to support dialin, click Continue to create and configure the dialin user
accounts.