Configuring L2TP/L2TP over IPSec User Authentication

This section describes how to configure L2TP/L2TP over IPSec user authentication.

Context

This section describes how to configure L2TP/L2TP over IPSec user access authentication only. To implement user-specific policy control, you need to select L2TP/L2TP over IPSec and Online behavior management, configure an authentication policy, and import user information from the server to the local device.

Procedure

  1. Select an authentication domain to be configured.
  2. Select L2TP/L2TP over IPSec.
  3. Configure user information.

    Configure user information on the FW based on the locations and organizational structure of users.

    • Users on the local device

      Create users in the following ways:

      • In User Management List, click Add to create users.

        | Parameter | Description |
        | --- | --- |
        | User Name | Login name used for authentication. Each login name (account) must be unique in its authentication domain. |
        | Display Name | Display name of a user. A display name is a user identifier and cannot be used to initiate an authentication request. You are advised to use the employees' names as their display names for easy recognition and management. Users can share a display name. This parameter is unavailable when you create users in batches. |
        | Description | Description of a user. Describe users in a way that makes it easy to find and maintain users. |
        | Password | User password |
        | Confirm Password | User password entered again for confirmation |

      • Click Import User and import users from a CSV file. For details, see Importing Users and User Groups from a CSV File.
    • Users on the server

      1. Select an existing authentication server or add a new one. For details on how to add an authentication server, see Configuring Authentication Servers Using the Web UI.

  4. Enable Reporting Traffic to the Authentication Server.

    Reporting Traffic to the Authentication Server is displayed only when Authentication Server is a RADIUS server.

    After this function is enabled, the FW reports traffic statistics about L2TP VPN access users to the RADIUS server, so that the server can charge the users according to their traffic statistics.

    To use this function, select the online behavior management scenario and configure an authentication policy.

  5. Expand IP Address Pool and set parameters for users in the authentication domain.

    | Parameter | Description |
    | --- | --- |
    | User Address Pool | Address pool used to allocate private IP addresses to users. Select an existing address pool or click Add to create an address pool. |

  6. Optional: Configure a RADIUS accounting scheme and a RADIUS authorization scheme.

    The RADIUS accounting scheme and the RADIUS authorization scheme apply only to user-defined portal authentication, SSL VPN access, L2TP/L2TP over IPSec, IPSec access, administrator access, and 802.1x access scenarios in which the firewall participates in user authentication.

  7. Click Apply.

Follow-up Procedure

After completing the preceding operations, reference the authentication domain on the L2TP or L2TP over IPSec configuration page.

Copyright © Huawei Technologies Co., Ltd.