1 Reply Latest reply on Jun 3, 2011 2:03 PM by sliedl

    Client To Gateway VPN based on AD users (Identity Based)

      Hi, Can anyone help me configuret he idenity based VPN based for the users present in AD. Only AD users pulled on Fiewall thru MLC should be bale to access it.

      If Yes.. Pls let me now the procedure.


      We are using Fiewall Enterprise 8.1 for evaluation.





        • 1. Re: Client To Gateway VPN based on AD users (Identity Based)

          The MLC is a passive authentication method, and it's only used for Passport creation.  For VPNs, you can use XAUTH as a secondary authenticator (after passwords or certificates).  XAUTH can only use 'active' authenticators, like LDAP, AD, or Password (authenticators where you have to actively enter your credentials).  You cannot use MLC to authenticate users as part of the VPN setup.

          You should be able terminate your VPN in a virtual burb and then setup Passport/MLC on whatever rules you use to pass this VPN traffic through the firewall.  That would require the users on the other end to login to your DC via the VPN somehow (i.e. the domain controller IP needs to be in the protected network of the VPN, from the client's point of view).