Nebula VPN - Configure L2TP-VPN with a RADIUS/AD-Server using Nebula

The Nebula Cloud platform offers the option to allow L2TP VPN users to authenticate wired/wireless networks over RADIUS 802.1X and/or AD servers, connecting to local domain controllers in the network.

Table of Contents:

  1. Scenario
  2. Setting up Authentication in Nebula Control Center
  3. Setting up the RADIUS / AD Server
  4. Setting up L2TP in Nebula Control Center
  5. Client configuration and verification


1. Scenario

Prerequisite: Client VPN IP addresses must not overlap the LAN subnet.
Scenario: Set up an L2TP VPN connection with RADIUS/AD servers in Windows Server 2008.
Preparation: NSG100 x1, NSW100 x1, RADIUS Server x1 and AD Server x1 in Windows Server 2008, iPhone 6S+ x1 and Laptop x1


2. Setting up Authentication in Nebula Control Center

1. Navigate to Site-wide > Configure > Firewall > Firewall settings

2. Enter the information under My RADIUS server


To use the My RADIUS server option, you must configure the RADIUS server and Active Directory roles on the domain controller.

3. Setting up the RADIUS / AD Server

RADIUS:
1. Add new RADIUS Client
Server Manager > Role > Network Policy and Access Services > NPS(local) > RADIUS Clients and Servers > RADIUS Client > New RADIUS Client > Enter information in red > OK


2. Add new RADIUS Client


3. Enter Policy name (e.g. USG) > Next


4. Select Client IPv4 Address > Add > Enter WAN NSG100 IP (e.g. 10.214.30.67) > OK


AD:
1. Add new AD user
Server Manager > Role > Active Directory Domain Services > Active Directory Users and Computers > zyxel.cso.com > Users > New > User


2. Enter user logon name (e.g. james@zyxel.cso.com) > Next


3. Enter password > Next > Finish


4. Setting up L2TP in Nebula Control Center

1. Navigate to Site-wide > Configure > Firewall > Remote Access VPN and configure the Client setup to suit your needs. Don't forget to select the RADIUS server in the "Authentication" field.

5. Client configuration and verification

In this example, we look at generic iPhone settings for the client setup:
1. iPhone > Settings > General > VPN > Add VPN Configuration > Type > L2TP


2. iPhone > Settings > Toggle on VPN

3. iPhone > Settings > General > VPN


4. L2TP Connection Result on NCC via GATEWAY > Monitor > Event log > Category > Enter Auth > Search

The Event log displays L2TP client login information.

5. L2TP Connection Result on Event Viewer in Windows Server 2008
Server Manager > Diagnostics > Custom views > Event Viewer > ServerRoles > Network Policy and Access Services



6. Scenario Result for authorizing L2TP Client over Authentication Server - L2TP Client IP 10.20.20.1 can access LAN host 10.214.30.16
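
The Event Viewer check in step 5 can also be done from an elevated PowerShell prompt on the NPS server. The following is an added example, not part of the original article: it lists the grant/deny decisions NPS made for requests relayed by the NSG100 and counts denials per user. It assumes PowerShell 2.0 or later, that NPS auditing is enabled, English-language event text (the field labels matched by the regular expressions), and a 24-hour look-back window chosen for illustration.

```powershell
# Added example: summarize NPS decisions for L2TP logins relayed by the gateway.
# Event IDs 6272 (access granted) and 6273 (access denied) are written to the
# Security log by Network Policy Server.
$radiusClientIp = '10.214.30.67'      # NSG100 WAN IP from the RADIUS client step
$since = (Get-Date).AddHours(-24)     # assumed look-back window

# @() keeps the result an array even when no matching events exist.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272, 6273
    StartTime = $since
} -ErrorAction SilentlyContinue)

$ipPattern = 'Client IP Address:\s+' + [regex]::Escape($radiusClientIp) + '\s'

$rows = foreach ($e in $events) {
    $msg = $e.Message
    # Skip requests from other RADIUS clients (e.g. 802.1X switches or APs).
    if ($msg -notmatch $ipPattern) { continue }

    # Field labels below are assumed from the English NPS event text.
    $user   = if ($msg -match 'Account Name:\s+(\S+)') { $Matches[1] } else { '(unknown)' }
    $reason = if ($msg -match 'Reason Code:\s+(\d+)')  { $Matches[1] } else { '' }
    $result = if ($e.Id -eq 6272) { 'Granted' } else { 'Denied' }

    New-Object PSObject -Property @{
        Time       = $e.TimeCreated
        User       = $user
        Result     = $result
        ReasonCode = $reason
    }
}

# Chronological view of every decision for the VPN gateway.
$rows | Sort-Object Time | Format-Table Time, User, Result, ReasonCode -AutoSize

# Accounts with repeated denials are worth a closer look (typos vs. guessing).
$rows | Where-Object { $_.Result -eq 'Denied' } |
    Group-Object User | Sort-Object Count -Descending |
    Select-Object Count, Name
```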
