Configuring SSL VPN Parameters
Click Create to add a new domain. The Add Domain screen appears.
FIGURE 85 DOMAIN AUTHENTICATION TYPES SCREEN
Domain Name
Type a name for the domain.
RADIUS - PAP
PAP (Password Authentication Protocol) is an access control protocol for
dialing into a network that provides only basic functionality. Passwords are
sent over the line unencrypted from the client. PAP provides password
checking, but is not secure from eavesdropping.
RADIUS - CHAP
CHAP (Challenge Handshake Authentication Protocol) is an
access control protocol for dialing into a network that provides a moderate
degree of security. The CHAP server encrypts the challenge with the
password stored in its database for the user and matches its results with the
response from the client. If they match, it indicates the client has the
correct password, but the password itself never leaves the client's machine.
RADIUS - MSCHAP
MSCHAP (Microsoft Challenge Handshake Authentication Protocol) is
Microsoft’s version of CHAP and provides authentication for PPP
connections between a Windows-based computer and an Access Point or other
network access device.
RADIUS - MSCHAPV2
MSCHAPV2 (Microsoft Challenge Handshake Authentication Protocol) is
Microsoft’s second version of CHAP.
NT Domain
Select this item if the domain is being used on a Windows NT server.
Active Directory
Active Directory is an advanced, LDAP compliant, hierarchical directory
service that comes with Windows 2000 servers. Because it is built on the
Internet's Domain Naming System (DNS), workgroups can be given
domain names, just like Web sites, and any LDAP-compliant client
(Windows, Mac, Unix, etc.) can gain access to it. Active Directory can function
in a heterogeneous, enterprise network and encompass other directories
including NDS and NIS+.
LDAP
LDAP (Lightweight Directory Access Protocol) is a directory listing access
protocol. LDAP support is being implemented in Web browsers and e-mail
programs, which can query an LDAP-compliant directory. LDAP is a sibling
protocol to HTTP and FTP and uses the ldap:// prefix in its URL. LDAP is a
simplified version of the DAP protocol, which is used to gain access to
X.500 directories. It is easier to code the query in LDAP than in DAP, but
LDAP is less comprehensive.
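
The challenge/response check described under RADIUS - CHAP, as an added example that is not part of the original manual or the appliance's code. It assumes the MD5 response algorithm from RFC 1994; the class name, user name and password are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Hypothetical verifier holding each user's password in its database."""
    def __init__(self, user_db):
        self.user_db = user_db
        self.pending = {}      # identifier -> outstanding challenge (single use)
        self.next_id = 0

    def issue_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)          # fresh and unpredictable per attempt
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, user, identifier, response):
        challenge = self.pending.pop(identifier, None)   # consume the challenge
        secret = self.user_db.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time match

def demo():
    password = b"correct horse"             # constructed sample credential
    server = ChapServer({"alice": password})
    ident, chal = server.issue_challenge()
    resp = chap_response(ident, password, chal)          # computed on the client
    on_wire = bytes([ident]) + chal + resp               # all an eavesdropper sees
    accepted = server.verify("alice", ident, resp)
    replay_same = server.verify("alice", ident, resp)    # challenge already used
    ident2, _ = server.issue_challenge()
    replay_new = server.verify("alice", ident2, resp)    # old response, new challenge
    ident3, chal3 = server.issue_challenge()
    wrong = server.verify("alice", ident3, chap_response(ident3, b"guess", chal3))
    return {"accepted": accepted, "replay_same": replay_same,
            "replay_new": replay_new, "wrong_password": wrong,
            "password_on_wire": password in on_wire}

if __name__ == "__main__":
    print(demo())
```

With PAP the password itself would be the value on the wire; here only the identifier, challenge and digest cross it, and a captured response is useless against a later challenge.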