Authentication Server Architectures for Enterprise VPN Access
VPN access through an Authentication Server can be built on several architectures, depending on the User Authentication method selected. For each typical architecture you will find several tutorials involving various Authentication Servers (AAA server, Radius server, ...), various Tokens (OTP One Time Password, USB Tokens, RSA SecurID Token, ...) and various protocols (X-Auth, IKE/IPSec, ...).
Architecture 1: OTP Token with Radius Server
Diagram: Architecture 1
In this architecture, the remote user authenticates with an OTP Token (One Time Password) combined with X-Auth as the User Authentication method. Upon reception of an authentication request, the VPN Router queries a Radius Server (internal or external) to check the user login/password and, if the check succeeds, opens the VPN tunnel for that user. TheGreenBow VPN Client Software has to be configured in X-Auth mode.
Architecture 2: Certificate on USB Token with VPN Router
Diagram: Architecture 2
In this architecture, the remote user authenticates with a USB Token (or a SmartCard) containing a Certificate as the User Authentication method. TheGreenBow IPSec VPN Client Software negotiates the authentication of the user with the VPN Router using that certificate over IKE/IPSec. TheGreenBow IPSec VPN Client Software has to be configured in Certificate mode. Certificates are deployed onto the USB Tokens using third-party PKI Server software.
Architecture 3: Simple login/password with Radius Server
Diagram: Architecture 3
In this architecture, the remote user authenticates with a simple login/password combined with X-Auth as the User Authentication method. Upon reception of an authentication request, the VPN Router queries a Radius Server (internal or external) to check the user login/password and, if the check succeeds, opens the VPN tunnel for that user. TheGreenBow VPN Client Software has to be configured in X-Auth mode.
Note: the large bullet (blue or orange) in the diagrams represents the point of authentication, which depends on the Authentication Protocol used (X-Auth, IKE, ...).
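As an added example (not code from TheGreenBow or this page), the RADIUS exchange behind Architectures 1 and 3 in Python: the VPN Router wraps the login/password collected through X-Auth into an Access-Request using the RFC 2865 User-Password hiding, and the Radius Server checks it and answers Access-Accept or Access-Reject. The shared secret, user database and identifiers below are constructed demo values.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo values (not from the page): the secret shared between the VPN
# router (RADIUS client) and the RADIUS server, and the server's user database.
SHARED_SECRET = b"example-shared-secret"
USER_DB = {"alice": "correct horse battery staple"}
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def _xor_chain(data, secret, authenticator, decrypt):
    # RFC 2865 5.2 User-Password hiding: XOR each 16-byte block with
    # MD5(secret + previous hidden block), seeded with the Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(b ^ k for b, k in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (block if decrypt else res)
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    return _xor_chain(password + b"\x00" * (-len(password) % 16), secret, authenticator, False)

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    return _xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")

def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value  # Type, Length, Value

def build_access_request(ident: int, user: str, password: str, secret: bytes = SHARED_SECRET) -> bytes:
    # Router side: wrap the X-Auth login/password in an Access-Request (code 1).
    authenticator = os.urandom(16)  # Request Authenticator: 16 random bytes
    attrs = _attr(ATTR_USER_NAME, user.encode())
    attrs += _attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def handle_access_request(packet: bytes, secret: bytes = SHARED_SECRET, users: dict = USER_DB) -> bytes:
    # Server side: verify the credentials, answer Access-Accept (2) or Access-Reject (3)
    # with Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs, fields, pos = packet[4:20], packet[20:length], {}, 0
    while pos + 2 <= len(attrs) and attrs[pos + 1] >= 2:  # stop on truncated/zero-length attribute
        fields[attrs[pos]] = attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
    user = fields.get(ATTR_USER_NAME, b"").decode(errors="replace")
    given = reveal_password(fields.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    ok = code == ACCESS_REQUEST and user in users and hmac.compare_digest(users[user].encode(), given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()
```

For Architecture 1 the server would validate the current OTP value instead of a static password, but the packet format and the Access-Accept/Access-Reject decision are the same. The MD5-based hiding protects only the User-Password attribute and is obfuscation rather than strong encryption, which is why the router-to-server path belongs on a protected network segment.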