SRX Services Gateway
SRX Services Gateway

How to divide users on the Radius-server (IAS)

11.04.10   |  
‎11-04-2010 01:15 PM

I use the same radius-server (IAS) for Web authentication and Dynamic vpn.  But thus Dynamic VPN users can use the login for access to Web authentication. How can I restrict it? Can SRX send different identificator for Dynamic VPN and Web authentication.

SRX240H v10.3

3 REPLIES
SRX Services Gateway

Re: How to divide users on the Radius-server (IAS)

11.04.10   |  
‎11-04-2010 02:25 PM

Would you be able to assign those users to the unauthorized class?

 

mawr

SRX Services Gateway

Re: How to divide users on the Radius-server (IAS)

11.08.10   |  
‎11-08-2010 02:30 AM

Unauthorized class? What is it?

SRX Services Gateway

Re: How to divide users on the Radius-server (IAS)

11.08.10   |  
‎11-08-2010 08:41 AM

ed1976 wrote:

Unauthorized class? What is it?


According to what I've read this should be possible by assigning the remote user template to the unauthorized class of permissions.

 

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-admin-guid...

 

So essentially you'd type set system login user remote class unauthorized.  It may need tweaking to allow for Dynamic VPN access though.

 

Hope this helps.

 

mawr