
Authentication Server Architectures for Enterprise VPN Access

VPN access with an Authentication Server can be based on several architectures, depending on the User Authentication method selected. For each typical architecture, you'll find several tutorials involving various Authentication Servers (AAA server, Radius server, ...), various Tokens (OTP One Time Password, USB Tokens, RSA SecurID Token, ...), and various protocols (X-Auth, IKE/IPSec, ...).

Architecture 1: OTP Token with Radius Server

In this architecture, the remote user uses an OTP (One Time Password) Token combined with X-Auth as the User Authentication method. On receiving an authentication request, the VPN Router queries a Radius Server (internal or external) to check the user login/password and, if the check succeeds, opens the VPN tunnel for that user. TheGreenBow VPN Client Software has to be configured in X-Auth mode.


Architecture 2: Certificate on USB Token with VPN Router

In this architecture, the remote user uses a USB Token (or a SmartCard) containing a Certificate as the User Authentication method. TheGreenBow IPSec VPN Client Software negotiates the authentication of the user with the VPN Router using the user's certificate and IKE/IPSec. TheGreenBow IPSec VPN Client Software has to be configured in Certificate mode. Certificates are deployed onto the USB Tokens using 3rd party PKI Server software.


Architecture 3: Simple login/password with Radius Server

In this architecture, the remote user uses a simple login/password combined with X-Auth as the User Authentication method. On receiving an authentication request, the VPN Router queries a Radius Server (internal or external) to check the user login/password and, if the check succeeds, opens the VPN tunnel for that user. TheGreenBow VPN Client Software has to be configured in X-Auth mode.

Enterprise VPN Access tutorials

Archi. 1
User Auth.: ZyXEL OTP token
Authentication: X-Auth
VPN Router: ZyXEL ZyWALL 35-70
AAA server: Authenex ASA Server
Tutorial: zyxel-authenex.pdf
Video: none
Credit: ZyXEL Engineering Team
Architecture 1: OTP Token with Radius Server

Archi. 3
User Auth.: Login/password
Authentication: X-Auth
VPN Router: D-Link DFL-800
AAA server: WinRadius Radius Server
Tutorial: DFL800-Radius.pdf
Video: none
Credit: D-Link Engineering Team
Architecture 3: Simple login/password with Radius Server

Archi. 3
User Auth.: Login/password
Authentication: X-Auth
VPN Router: Allied Telesis AT-AR700
AAA server: WinServer 2003 Radius Server
Tutorial: AT-AR700-Radius.pdf
Video: none
Credit: AlliedTelesis Engineering Team
Architecture 3: Simple login/password with Radius Server


Note: the large bullet (i.e. blue or orange) in the diagrams represents the point of authentication, which depends on the Authentication Protocol used (X-Auth, IKE, ...).