Configuring radius authentication – Panasonic NN46110-600 User Manual

42

Chapter 2 Configuring servers

The VPN Router acts as a RADIUS accounting client to external RADIUS

accounting servers. You enable accounting on the Servers > RADIUS Acct

window. External accounting servers are located on either public or private

networks. The packet flow is from the IP address/port that you configure on the

Servers > RADIUS Acct > External RADIUS Accounting Server > Interface

window to external servers and back. You configure filters on the Services >
Available > RADIUS Accounting (public and private) window. You can use the

RADIUS Authentication Servers window to configure up to three servers for
remote authentication. It is imperative that the RADIUS servers contain the same
user data. The VPN Router uses the alternative RADIUS servers only when it
receives no response from the primary RADIUS server.

Most RADIUS servers support CHAP and PAP authentication, and some support

MS-CHAP (Funk, for example).

Note:

If you require PPTP-encrypted tunnels and RADIUS

authentication, then you must use a RADIUS server that supports

MS-CHAP. The alternative is to use an LDAP server for PPTP

authentication.

Configuring RADIUS authentication

The VPN Router supports authentication against a RADIUS server. This server
can reside on either a private or public network that is connected to the VPN

Router. To enable RADIUS authentication, you must configure the VPN Router

with the RADIUS server host name, port number (typically 1645, but port 1812 is

the RFC standard), and a shared secret. You access the VPN Router management

window from the Servers > RADIUS Authentication window.

You also use the RADIUS Authentication window to configure the type of

authentication methods that can access the RADIUS server. There are five

options, of which only four are IPsec-related:

•

RESPONSE

•

MS-CHAP-V2

•

CHAP

•

PAP

NN46110-600