USG: IPSEC modeconfig and radius questons
Hello, I'm using USG40 as a server (=main office) with roaming customers,
- Can I use modeconfig pushing from server in any other scenario except "Remote Access" scenario? I want to allow users to access main office internal network and do not capture customers default route.
- I [can] use Radius for authentificating IPSEC users (tried with IKE1, but sure IKE2/EAP will work too). Can I pass IP address for modeconfig via radius? What can I pass from Raduis to IPSEC server as Authorization info at all? Is there a document that describes that (and raduis dictonary)?
Thanks.
- I [can] use Radius for authentificating IPSEC users (tried with IKE1, but sure IKE2/EAP will work too). Can I pass IP address for modeconfig via radius? What can I pass from Raduis to IPSEC server as Authorization info at all? Is there a document that describes that (and raduis dictonary)?
Thanks.
0
Accepted Solution
-
I have similar scenario on my environment.
As I know, the mode config only support when phase 2 select Remote Access. All VPN clients can access internal network. Not sure you mean do not capture customers default route.
The IP address are assigned from USG(Mode config) could not assign IP by Radius(authentication only)5
Master MemberAll Replies
-
Thanks. Very pity to hear that radius can be used for Authentification but not for Authorization...
0
Categories
- All Categories
- 164 Beta Program
- 1.7K Nebula
- 86 Nebula Ideas
- 62 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 50 Switch Ideas
- 908 WirelessLAN
- 27 WLAN Ideas
- 5.3K Consumer Product
- 172 Service & License
- 294 News and Release
- 65 Security Advisories
- 14 Education Center
- 911 FAQ
- 399 Nebula FAQ
- 249 Security FAQ
- 90 Switch FAQ
- 100 WirelessLAN FAQ
- 18 Consumer Product FAQ
- 55 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 51 Security Highlight
