How to configure USG Series to authenticate SSL VPN client with Microsoft Active Directory

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034
50 Answers 500 Comments Friend Collector Fourth Anniversary
 Guru Member
edited June 29 in VPN

For example, we have a AD server with the configuration as below:

  1. IP:192.168.1.35
  2. Domain name: cso.net
  3. Domain user: aduser
  4. Domain administrator: administrator
  5. Domain administrator's password: admin1234

 


[Configuration Steps]


Step 1: Building an SSL Application (wheter for Web application or File Sharing)
 

Step 2: Add a user on the Domain server named "aduser"
 

Step 3: Add a user on the ZyWALL and select the user type as Ext-User
 

Step 4: On the ZyWALL, click "SSL" from left panel and add the user "aduser" to the policy of the SSL Application that you added on step 2.
 

Step 5: Configuring the Auth.Method, add the "group ad" in the default method.
 

Step 6: Configuring the AAA server from "Object" > "AAA Server" > Active Directory and refer the parameters listed below to complete the settings.

 

[Paramaters]
Host: 192.168.1.35
Port: 389
Bind DN: cn=administrator,cn=users,dc=cso,dc=net
Server Search Base: dc=cso,dc=net
Bind DN: cn=administrator,cn=users,dc=cso,dc=net
Password: admin1234(Domain administrator's password)
Base DN: dc=cso,dc=net
CN Identifier: sAMAccountNAME
Search time limit: 5