Vigor2830/2850/2860/3200 support authenticating Host to LAN VPN connections to external RADIUS/ LDAP/ AD servers at the same time. Users now can choose to authenticate VPN users from local database or by external servers with flexibility.
With RADIUS client setting configured or LDAP/ AD profile selected on Vigor router, the router will forward the request to relevant RADIUS server or LDAP/ AD server to finish the authentication process.
Configuring the Vigor to use an RADIUS Server
Configure the Radius Server settings in Applications >> RADIUS.
Configuring the Vigor to use an LDAP/AD Server
1. Go to Applications >> Active Directory /LDAP to get the following page for configuring LDAP.
There are three types of bind mode supported:
*Simple Mode –Simply do the bind authentication without any searching action.
*Anonymous – Perform a searching action first with Anonymous account, and then do the bind authentication.
*Regular Mode– Mostly it is the same with anonymous mode. The difference is that the
server will firstly check if you have the search authority.
For the regular mode, you’ll need to type in the Regular DN and Regular Password.
System will ask for a reboot after configuring the Active Directory /LDAP General Setting.
2. Create LDAP server profiles. Click the Active Directory /LDAP tab to open the profile web
page and click any of the index number link.
We can use the Search icon to quickly input the Base Distinguished Name and Group Distinguish Name (in Regular mode).
3. Click OK to save the settings.
Configuring the Vigor to authenticate Host to LAN VPN with external server
1. We don't need to do additional configurations for Vigor to use the Radius server to authenticate VPN Host to LAN connection once the RADIUS settings are configured in Applications >> RADIUS.
2. Go to VPN and Remote Access >> PPP Setup.
We can see the LDAP/ AD profile we just created.
Select the LDAP/ AD profile to enable Vigor using LDAP/ AD server to authenticate VPN Host to LAN connections.
1.When both RADIUS and LDAP are enabled, the information will be firstly sent to RADIUS server. If the authentication on RADIUS server fails, the information will then be passed to LDAP server.
2.When using LDAP server for authentication, we must choose PAP as security protocol in the dialing-in via Smart VPN Client.