This article explains how to authenticate SSL VPN clients against Microsoft Active Directory on the USG FLEX / ATP / VPN series. It covers how to create SSL VPN external users, add those users to the SSL VPN, and configure the authentication method to use the AD server. Lastly, it briefly explains the parameters for the AD configuration.
In this scenario, we have an AD server with the following configuration:
- IP: 192.168.1.35
- Domain name: cso.net
- Domain user: aduser
- Domain administrator: administrator
- Domain administrator's password: admin1234
[Configuration Steps]
Step 1: Create an SSL VPN connection. You can find the walkthrough in the following article:
How to create an SSL VPN Tunnel (via SecuExtender software)
Step 2: Add a user named "SSL-User" on the Domain Controller.
Step 3: Add a user on the ZyWALL and select the user type Ext-User.
Step 4: On the ZyWALL, click "SSL" in the left panel and add the user "SSL-User" to the policy of the SSL Application that you added in step 1.
Step 5: Configure the Auth. Method: add "group ad" to the default method.
Step 6: Configure the AAA server under "Object" > "AAA Server" > Active Directory, and refer to the parameters listed below to complete the settings.
[Parameters]
Host: 192.168.1.35
Port: 389
Base DN: dc=cso,dc=net
Bind DN: cn=administrator,cn=users,dc=cso,dc=net
Password: admin1234 (Domain administrator's password)
Search time limit: 5
CN is also possible with ext-group-user.
Test result:
If you scroll down, you can test the AD connection with the "Configuration Validation" option.
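An equivalent bind and user lookup can be run from a workstation with OpenLDAP's `ldapsearch`, which helps separate AD-side problems from firewall-side ones. This is an added example, not Zyxel tooling; the function names, the password-file argument and the use of `sAMAccountName` as the login attribute are assumptions, while the host, port, DNs and time limit are the values from the parameter list above.

```shell
#!/bin/sh
# Added example (not from the original article): reproduce the AD bind and
# user search with OpenLDAP's ldapsearch, using the article's lab values.
AD_HOST=192.168.1.35
AD_PORT=389            # ldap:// on 389 is unencrypted, as in the article's settings
AD_DOMAIN=cso.net
BIND_DN='cn=administrator,cn=users,dc=cso,dc=net'
TIME_LIMIT=5           # "Search time limit" from the parameter list

# Derive the Base DN from the DNS domain name: cso.net -> dc=cso,dc=net
base_dn_from_domain() {
    printf '%s\n' "$1" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# Escape the RFC 4515 special characters \ * ( ) so that a user name is
# always treated as a literal value and cannot change the search filter.
ldap_escape() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter for one AD user (assumption: login attribute sAMAccountName).
user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))\n' "$(ldap_escape "$1")"
}

# ad_check USER PASSWORD_FILE
# Binds as BIND_DN and looks up USER below the Base DN. The bind password is
# read from PASSWORD_FILE (-y) so it never appears in the process list or in
# shell history; the file must hold the password without a trailing newline.
ad_check() {
    ldapsearch -x -H "ldap://$AD_HOST:$AD_PORT" \
        -D "$BIND_DN" -y "$2" \
        -b "$(base_dn_from_domain "$AD_DOMAIN")" -l "$TIME_LIMIT" \
        "$(user_filter "$1")" dn memberOf
}
```

Source the file and call `ad_check SSL-User /path/to/bind-password-file`; a returned `dn:` line means the bind succeeded and the user exists under the Base DN.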
KB-00143