
User LDAP authentication for SSG20 for VPN login

Posted on 2010-01-13
Last Modified: 2012-05-08
Greetings,

I have a Juniper SSG20 firewall with VPN and we are using the NetScreen application. Could someone advise how to integrate this with LDAP so that users don't have to carry multiple login IDs?

Currently I have set up the VPN to use IKE and XAuth.

Help is highly appreciated.
Question by:junaidIT

Accepted Solution

by:
Qlemo earned 750 total points
ID: 26312917
I recommend reading Concepts & Examples, Vol. 9: User Authentication, and http://kb.juniper.net/KB4183 ("Configuring the Juniper Firewall Device Side VPN With XAuth").

You will (probably) have to assign IP Pool, DNS and WINS manually like with the local Auth, but since you have done that already, that should be no problem.

I could not get it to work yet, as I was not able to define the LDAP server at all. But please try yourself. I am interested in the result, as I'm still working with Local Auth, and would like to extend it to Domain LDAP.

Author Comment

by:junaidIT
ID: 26511476
Sorry for the late reply. Will check that out and let you know the results.

Author Comment

by:junaidIT
ID: 26570872
Got a query. Do I need to create any policy for the authentication to happen? My LDAP server is also my domain controller.

Expert Comment

by:Qlemo
ID: 26571027
No, I suppose not, as the LDAP traffic is not crossing zones (it remains in Trust).

Author Comment

by:junaidIT
ID: 29322860
Kindly abandon this question.

Expert Comment

by:Qlemo
ID: 29325792
Inappropriate closure. It does not make sense to accept your last comment, since it is no solution.
 
You can either
  • delete the question with refund - if no one helped you. I don't think that is the case.
  • accept an answer - if not fully covering, with a Grade "B"; if complete, Grade "A". You can also give part of the points only.
  • post your closure reason as a comment, and accept that. If it was the solution, then it should be done this way. Could you be more specific what you changed? Another EE user might find that info valuable.

Author Closing Comment

by:junaidIT
ID: 31676616
Please have the question closed and points assigned. The solution definitely provided guidance on what needs to be done; however, unfortunately the device just blew up and we decided to go with another product.

Thank you for your help, and apologies for any inconvenience caused.