Screen OS

HI All,

I have scenario like this:

- i want to connect IPSec VPN using Netscreen Remote to Juniper SSG over internet. when user want to access corporate resource they have to using username and password in Netscreen Remote Client software.

The question is:

1. is it possible to use external authantication server like radius or AD to combine with SSG?. So when client want to connect IPSec VPN  to SSG using Netscreen Remote they have to insert username and password that store in AD or Radius. so when SSG accept username and pasword information from the user, SSG will check to AD or Radius to make clarification the user information wheter valid or not.

2. can we set static IP address for the VPN user based on username checking?. let say when User A connect VPN to SSG, the user will always get the same IP address.

I need suggestion from all of you guys..

Regards,

Andre

Thank you

Hi,

Yes, you can use RADIUS, SecurID and LDAP servers to authenticate XAuth users.

While creating an IKE + Xauth user account (this is what you need) you can assign a static IP or refer to an IP pool for the dynamic IP assignment.

Hi Andre,

Have a look at the KB articles KB8535, KB4183, KB4182, KB4184. But for better understanding I would recommend Concepts and Examples, Vol. "User authentication". This documentation is very good and contains various realistic examples. 

Hi,

I will check it..

Thank you for your suggestion...

Regards,

Andre