Page 198 SonicWALL TELE3 SP Administrator’s Guide
VA
- Access to VPNs
LM
- Limited Management
For example, to configure a profile with Access to VPN privileges and allow Access from
VPN Client, the value is set as follows:
8714 2 “VA, VC”
The ACE Server from RSA does not support CHAP with RADIUS, therefore it is
necessary to configure the SonicWALL to use HTTPS when logging into the SonicWALL
management interface.
ACS Server from Cisco
The ACS server, version 2.6, from Cisco does not support the configuration of vendor-
specific privileges. Therefore, if a ACS Server is deployed, user privileges cannot be
configured on the server.
The ACS server can still be used for authentication if the RADIUS users are configured
globally on the SonicWALL to have the same privileges. Also, the ACS server supports
CHAP, so it can be used if HTTPS is not available when logging into the SonicWALL
management interface.
Internet Authentication Service on Microsoft Windows NT/2000 Server
The RADIUS server used on Microsoft Windows NT and Windows 2000 servers is
known as the Internet Authentication Service (IAS). The RADIUS attributes are
configured using policies, and does not support pre-configuration of vendor-specific
attributes. The RADIUS attributes are entered manually into the service by using the
following instructions:
1.
Open
IAS
, and select
Remote Access Policies
.
2.
Select the policy to be configured for user privileges, and right click. Select
Properties
from the list.
3.
Click
Edit Profile
, and then click
Advanced
. Click
Add
.
4.
Select
Vendor-Specific
from the list, and click
Add
. The
Multivalued Attribute
Information
box appears.
5.
Click
Add
. The
Vendor-Specific Attribute Information
box appears.
6.
Click
Enter Vendor Code
, and enter
8741
as the vendor code.
7.
Click
Yes, It conforms
, and then click
Configure Attribute
. The
Configure
VSA (RFC
compliant)
window appears.
8.
Enter 1 as the
Vendor-assigned attribute number
.