Panasonic NN46110-600 User Manual
Page 45
Chapter 2 Configuring servers 35
b In the Connection section, enter the port number (default 389) and the associated SSL port number (default 636) on which your LDAP server listens for queries.
c Enter the bind distinguished name (DN), which is the LDAP equivalent of a user ID and is required to access the base DN and its subentries. Leave this field blank if your LDAP server allows anonymous access.
d Enter the bind password, which can consist of up to 32 characters. The VPN Router uses this password to prove its identity (the bind DN) to the LDAP server.
3 In the Username/Password Access section, you can use case-insensitive character strings in LDAP search filters. The default value for each field is blank. If you do not supply a value, the authentication fails. Enter the user name and password. To enable additional policy checking, specify an LDAP search filter, which can be a case-insensitive character string (default is blank).
4 Use the User Certificate Access section to add digital certificates support for authentication:
a Enter the Subject DN attribute, such as common name, organizational unit, organization, and country.
b Enter the Subject Alternative Name attribute.
c Enter the Certificate Authority (CA) attribute.
d Enter the LDAP filter name.
5 In the User Policy Attributes section, specify attributes used to store the VPN Router group, static IP address/netmask, and customized user filter.
6 Click the SSL Encryption link to go to the LDAP server SSL encryption window. Select the encryption types the VPN Router uses during negotiation with the external LDAP server.
7 To change the order in which the VPN Router applies authentication, select Services > IPsec and click Swap Server Order 2 and 3. External LDAP proxy is disabled by default and you must add it as an option before you can swap it.
8 Select Profiles > Groups to add or select the group that you want as the default group for LDAP users (this is the group a user is assigned to if the LDAP server does not send back a class attribute).
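Added example (not part of the original manual or of the VPN Router software): a pre-check you can run on the values you plan to enter in the Connection and Username/Password Access sections, flagging an anonymous bind, a bind password over the 32-character limit, and a malformed search filter. The dictionary keys and sample values are hypothetical, and the DN and filter checks cover a simplified subset of LDAP syntax (no escaped commas, no extensible-match filters).

```python
import re
MAX_BIND_PW = 32  # limit stated in step d of the procedure
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*")
DN = re.compile(r"[A-Za-z][\w.-]*=[^,]+(,\s*[A-Za-z][\w.-]*=[^,]+)*")

def filter_ok(f):
    """Return True if f is a well-formed filter in a simplified RFC 4515 subset."""
    def parse(i):  # parse one "(...)" component; return index after it, or -1
        if i >= len(f) or f[i] != "(":
            return -1
        i += 1
        if i < len(f) and f[i] in "&|!":
            op, i, n = f[i], i + 1, 0
            while i < len(f) and f[i] == "(":
                i = parse(i)
                if i < 0:
                    return -1
                n += 1
            if n == 0 or (op == "!" and n != 1):  # "!" takes exactly one operand
                return -1
        else:
            m = ITEM.match(f, i)  # attribute, operator, value without parentheses
            if not m:
                return -1
            i = m.end()
        return i + 1 if i < len(f) and f[i] == ")" else -1
    return parse(0) == len(f)

def precheck(cfg):
    """Return a list of findings for the planned settings (empty list = none)."""
    out = [f"{k}: out of range" for k in ("port", "ssl_port") if not 1 <= cfg[k] <= 65535]
    if not cfg["bind_dn"]:
        out.append("bind_dn blank: the router will bind anonymously")
    elif not DN.fullmatch(cfg["bind_dn"]):
        out.append("bind_dn: not in attr=value,attr=value form")
    elif not cfg["bind_password"]:
        out.append("bind_password blank with a bind DN: unauthenticated bind (RFC 4513)")
    if len(cfg["bind_password"]) > MAX_BIND_PW:
        out.append("bind_password: longer than 32 characters")
    if cfg["search_filter"] and not filter_ok(cfg["search_filter"]):
        out.append("search_filter: malformed LDAP filter")
    return out

# Constructed sample values; key names are hypothetical, not the router's own.
GOOD = {"port": 389, "ssl_port": 636, "bind_password": "constructed-secret",
        "bind_dn": "cn=vpnrouter,ou=services,dc=example,dc=com",
        "search_filter": "(&(objectClass=person)(!(accountStatus=disabled)))"}
BAD = dict(GOOD, bind_dn="", bind_password="x" * 33, search_filter="(&(objectClass=person)")
for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
    print(name, precheck(cfg) or "no findings")
```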
Nortel VPN Router Security — Servers, Authentication, and Certificates