Amer Networks E5Web GUI User Manual
Page 536
rule since one single rule with XAuth as the agent will be used for all IPsec tunnels.
However, this approach assumes that a single authentication source is used for all
tunnels.
An IP rule allowing client access to core is not required.
v.
L2TP/PPTP/SSL VPN
This is used specifically for L2TP, PPTP or SSL VPN authentication.
An IP rule allowing client access to core is not required.
•
Authentication Source
This specifies that authentication is to be performed using one of the following:
i.
LDAP - Users are looked up in an external LDAP server database.
ii.
RADIUS - An external RADIUS server is used for lookup.
iii.
Disallow - This option explicitly disallows all connections that trigger this rule. Such
connections will never be authenticated.
Any Disallow rules are best located at the end of the authentication rule set.
iv.
Local - A local user database defined within cOS Core is used for looking up user
credentials.
v.
Allow - With this option, all connections that trigger this rule will be authenticated
automatically. No database lookup occurs.
•
Interface
The source interface on which the connections to be authenticated will arrive. This must be
specified.
•
Originator IP
The source IP or network from which new connections will arrive. For XAuth and PPP, this is
the Originator IP.
•
Terminator IP
The terminating IP with which new connections arrive. This is only specified where the
Authentication Agent is PPP.
Connection Timeouts
An Authentication Rule can specify the following timeouts related to a user session:
•
Idle Timeout
How long a connection is idle before being automatically terminated (1800 seconds by
default).
•
Session Timeout
Chapter 8: User Authentication
536