Knowledgebase: VPN and Remote Access
How to configure SSL VPN on Vigor 2925 using RADIUS authentication on Windows 2008 server
Posted by on 04 June 2015 04:12 PM

This document shows how to configure the Vigor2925 router so that a remote user can log in to the network using SSL VPN with RADIUS authentication:

 

Picture1

Configuration on Vigor 2925:

 

1). Log in to the router using your web browser:

      Default IP address: 192.168.1.1

      Default user name: admin

      Default password: admin

 

2). Go to Applications >> RADIUS/TACACS+.

     Click on Enable

     Enter the RADIUS server IP address and the shared secret.

     You need to use the same Shared Secret value in Step 4 described below under “Radius configuration on Windows 2008 R2 server”.

     Picture2

      Click OK to save the settings.

 

3). Go to User management >> User Profile and click Index #3 to create a user profile.

     Check the Enable this account box and type a user name. Choose Radius as External Server Authentication and click OK to save the settings.

      Picture3

 

4). Go to SSL VPN >> General Setup >> Enter the port number to access SSL VPN. Default port is 443.

     Picture4

 

5). Go to SSL VPN >> SSL Application >> click on Index 1>> “Enable Application Service” >> Enter the application details:

    Picture5

     Click OK to save the configuration.

 

6). SSL VPN >> User Group >> Click on Index 1 >> Check the Enable Box.

        Enter the group name

        Provide access to the required application (e.g. here access has been provided to the RDP application 192.168.1.14, which we just created in step 6)

        Check the Radius box to allow radius users to login to SSL VPN

        Picture6

 

         Click OK to save the configuration.

 

Radius configuration on Windows 2008 R2 server: 

 

Step 1:

  Log in to the Windows 2008 R2 server and go to Server Manager.

         Picture7

         Create a user account and password by clicking Local Users and Groups >> Users. Here we will use the existing user “administrator”.

         Navigate to Radius Clients under Server Manager >> right-click and select New >> enter the details: Friendly name, IP address of the Vigor 2925, and Shared secret. This must be the same shared secret that was typed into the router under step 2 of section 1.

         Picture8

         Click on Advanced tab >> Here we will use default values as shown below:

        Picture9

 

Step 2:

  Configure Connection Request Policies under Service Manager.

            If the default policy “Use Windows authentication for all users” is already configured under Connection Request Policies, you can skip this step. Otherwise you need to configure a connection request policy.

            Right click Policies >> Connection Request Policies >> Add New

            Enter policy name 

            Picture10

 

            Select the criteria under the Conditions tab. We will select user criteria under Network policy and will allow users to log in at all times, as described below:

 

           Picture11

          Remaining values will be default under various tabs under settings as shown below:

          [Screenshots: Picture12 to Picture17]

         

Step 3:

          Configure Network Policies under Service Manager

           Right click Network Policies >> Add New

           Enter policy name and other details as shown below:

 

           Picture19

 

         Choose the condition. Here you can select the user groups that should be given access to SSL VPN.

         E.g. here we have given access to two user groups - vpn and administrators. Hence any user who is a member of these groups will get access to SSL VPN.

         Picture19

        Picture20

        Select Authentication Method as Unencrypted

         Picture21

        The remaining settings are left at their defaults, as shown below:

        [Screenshots: Picture22 to Picture34]

      

Check SSL VPN authentication

Open a web browser on the laptop from which you want to access SSL VPN.

Enter address: https://<public IP>:<port number set for SSL VPN>

Now you can log in to SSL VPN:

 Picture35

 

Click on Login button

  Picture36

Audit Success Logs on server (Event Viewer)

   

 Picture37

 

Logs captured through Wireshark

Picture38
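
With the Unencrypted method selected in Step 3, and assuming the router sends a standard PAP Access-Request, the password in the captured packet is hidden only by the User-Password scheme of RFC 2865 section 5.2, which is keyed by the shared secret entered on both the router and the server. The Python sketch below is an added example, not part of the original article or any DrayTek or Microsoft code; the secrets, password and authenticator are constructed values.

```python
"""RFC 2865 section 5.2 User-Password hiding, as used by RADIUS PAP (added example)."""
import hashlib

BLOCK = 16  # MD5 digest size; the attribute is processed in 16-byte blocks


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS client (router) side: produce the User-Password attribute value."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 bytes")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # NUL-pad to 16n
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        mask = hashlib.md5(secret + prev).digest()  # b_i = MD5(S + c_(i-1))
        prev = bytes(p ^ m for p, m in zip(padded[i:i + BLOCK], mask))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: undo the hiding with the server's copy of the secret."""
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("malformed User-Password attribute")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        mask = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ m for c, m in zip(block, mask))
        prev = block  # each mask chains on the previous hidden block
    return plain.rstrip(b"\x00")  # padding NULs are not part of the password


def demo() -> dict:
    # All values below are constructed for illustration.
    authenticator = bytes(range(16))  # a real client uses 16 random bytes
    router_secret = b"constructed-shared-secret"
    password = b"Constructed-Passphrase-2015"  # longer than one 16-byte block
    hidden = hide_password(password, router_secret, authenticator)
    return {
        "attribute_len": len(hidden),
        "matching_secret": recover_password(hidden, router_secret, authenticator),
        "mismatched_secret": recover_password(hidden, b"typo-in-secret", authenticator),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A mismatched secret raises no error at this layer: the server recovers the wrong bytes and rejects the login, so a rejected login with correct credentials is a reason to re-check the shared secret on both sides. Because the hiding rests entirely on that secret, it should be long and random.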
