
DIGIPASS Authentication for SonicWALL SSL-VPN with VACMAN Middleware 3.0

Integration Guideline

DIGIPASS Authentication for SonicWALL SSL-VPN - Integration Guideline V1.0, 2006 VASCO Data Security. All rights reserved.

Disclaimer

Disclaimer of Warranties and Limitations of Liabilities

This Report is provided on an 'as is' basis, without any other warranties, or conditions.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security.

Trademarks

Digipass & VACMAN are registered trademarks of VASCO Data Security. All trademarks or trade names are the property of their respective owners. VASCO reserves the right to make changes to specifications at any time and without notice. The information furnished by VASCO in this document is believed to be accurate and reliable. However, VASCO may not be held liable for its use, nor for infringement of patents or other rights of third parties resulting from its use.

Copyright 2006 VASCO Data Security. All rights reserved.

Table of Contents

DIGIPASS Authentication for SonicWALL SSL-VPN
Disclaimer
Table of Contents
Reference guide
1 Overview
2 Problem Description
3 Solution & Network Diagram
    3.1 Benefits
    3.2 How does two-factor authentication work?
    3.3 Supported Platforms
    3.4 Network Diagram
4 Technical Concept
    4.1 General overview
    4.2 Overview of SonicWALL RADIUS Authentication with VM
    4.3 Overview of RADIUS IP and Port Settings
    4.4 Overview of actions
5 Configuration of the SonicWALL SSL-VPN
    5.1 Login to the SSL-VPN & check version
    5.2 Time setting on the SSL-VPN
    5.3 DNS Settings
    5.4 Configure a default route for the SSL-VPN
    5.5 NetExtender Client Address Range
    5.6 Add NetExtender Client Routes
    5.7 Create a Portal Domain
    5.8 Add a ‘local user’ for the Domain
    5.9 Edit the policy for the user
6 Configuration of the SonicWALL PRO4060
    6.1 Login to the PRO4060
    6.2 PRO4060 Interface and Zone configuration
    6.3 Creating the Address Objects
    6.4 Inbound allow rule for https & NAT Policy
    6.5 Allow rule from DMZ to LAN for VACMAN Middleware
7 VACMAN Middleware
    7.1 Policy configuration
    7.2 Component configuration
8 User configuration
    8.1 ODBC installation
        8.1.1 User creation
        8.1.2 Import Digipass
        8.1.3 Digipass Assignment
    8.2 Active Directory installation
        8.2.1 User creation
        8.2.2 Import Digipass
        8.2.3 Digipass assignment
9 Two-factor authentication SSL-VPN test and conclusion
10 VACMAN Middleware features
    10.1 Installation
        10.1.1 Support for Windows 2000, 2003, IIS5 and IIS6
        10.1.2 Support for ODBC databases and Active Directory
    10.2 Deployment
        10.2.1 Dynamic User Registration (DUR)
        10.2.2 Autolearn Passwords
        10.2.3 Stored Password Proxy
        10.2.4 Authentication Methods
        10.2.5 Policies
        10.2.6 Digipass Self Assign
        10.2.7 Digipass Auto Assign
        10.2.8 Grace Period
        10.2.9 Virtual Digipass
    10.3 Administration
        10.3.1 Active Directory Users and Computers Extensions
        10.3.2 Administration MMC Interface
        10.3.3 User Self Management Web Site
        10.3.4 Delegated administration
        10.3.5 Granular access rights
11 For more information on SonicWALL
12 For more information on VASCO Data Security
13 About SonicWALL
14 About VASCO Data Security

Reference guide

ID  Title                  Author           Publisher            Date        ISBN
1   Vasco integration      Olivier Cambier  Vasco Data Security  3 Nov 2006  -
2   SonicWALL integration  Katie De Wilde   SonicWALL, Inc.      3 Nov 2006  -

1 Overview

SonicWALL is a strong leader in secure, easy to configure and affordable SSL-VPN clientless remote access and provides users additional Unified Threat Management security when combined with SonicWALL’s firewall/VPN appliances. This addresses all companies going from the SMB (Small & Medium Businesses) to the Enterprise space.

Vasco Data Security has a long history of delivering strong authentication through the DIGIPASS family of Digipasses, which delivers the comfort of using One Time Passwords (OTPs).

VACMAN RADIUS Middleware combined with SonicWALL SSL-VPN and SonicWALL firewall/VPN appliances is the result of the open market approach delivered through VACMAN RADIUS Middleware technology.

VACMAN RADIUS Middleware and SonicWALL give users the possibility to utilize the strength of the Vasco Digipass family concept (One Time Password login as Time Based Response Only or Challenge/Response) for easy and secure clientless SSL-VPN remote access (anywhere and at any time).

2 Problem Description

Since static passwords are generally known as non-secure and easy to compromise, the challenge was to introduce OTPs (One Time Passwords) to the remote access market to strongly secure the corporate LAN or central resources. Additionally, it would be nice to easily track and manage incoming users via the SonicWALL SSL-VPN and firewall/VPN devices.

Two-factor authentication is an authentication method that requires two independent pieces of information to establish identity and privileges. Two-factor authentication is stronger and more rigorous than traditional password authentication that only requires one factor (the user’s password). For this reason SonicWALL partners with Vasco to provide strong two-factor user authentication.

The following pages present how to solve these issues via a quick and easy configuration on both the SonicWALL SSL-VPN & PRO4060 and the Vasco VACMAN RADIUS Middleware.

3 Solution & Network Diagram

3.1 Benefits

Two-factor authentication offers the following benefits in combination with SonicWALL SSL-VPN:

- Greatly enhances security by requiring two independent pieces of information for authentication.
- Reduces the risk posed by weak user passwords that are easily cracked.
- Minimizes the time administrators spend training and supporting users by providing a strong authentication process that is simple, intuitive, and automated.

3.2 How does two-factor authentication work?

Two-factor authentication requires the use of a third-party authentication service. The authentication service consists of two components:

- An authentication server on which the administrator configures user names, assigns tokens, and manages authentication-related tasks, like Vasco VACMAN RADIUS Middleware.
- Tokens that the administrator gives to the user which display One Time Passwords (OTP), like Vasco’s Digipass.

With two-factor authentication, users must enter a valid OTP to gain access. An OTP consists of the following:

- The user’s personal identification number (PIN).
- A One Time Password.

Users receive the temporary token codes from their Vasco Digipass. The Digipass displays a new OTP every 32 seconds. (In case of an older Digipass, this time was 36 seconds.) When VACMAN Middleware authenticates the user, it verifies that the OTP timestamp is valid in the current timeframe. If the PIN is correct and the OTP is correct and current, the user is authenticated.

Because user authentication requires these two factors, the Vasco Digipass solution offers much stronger security than traditional passwords (single-factor authentication).

3.3 Supported Platforms

- VACMAN Middleware. This document describes version 3.0.
- SonicWALL SSL-VPN 2000 and 4000 platforms running firmware version 2.0 or higher. This document describes firmware version 2.0.0.0 of SSL-VPN.
- SonicWALL PRO4060 running SonicOS Enhanced 3.x. This document describes SonicOS Enhanced version 3.2.0.3

3.4 Network Diagram

Figure 1: Network Diagram

4 Technical Concept

4.1 General overview

The concept is very easy: the VACMAN Middleware (VM) is installed as a back-end authentication service for the SonicWALL SSL-VPN.

This means that the VM receives all authentication requests from the SonicWALL SSL-VPN. The One Time Password (OTP) within the authentication request will be verified on the VM.

After VM verification, a RADIUS access-accept message is sent to the SonicWALL SSL-VPN for the Authentication part.

Figure 2: General Overview

4.2 Overview of SonicWALL RADIUS Authentication with VM

The following is a description of the RADIUS authentication sequence WITHOUT DIGIPASS assigned:

1. A remote user initiates a connection to the SonicWALL PRO4060.
2. The SonicWALL PRO4060 is configured so that all https (SSL-VPN) traffic is forwarded to the SonicWALL SSL-VPN.
3. The SonicWALL SSL-VPN gathers the remote user’s ID and password, and then submits a RADIUS authentication request to the VM.
4. VM performs the verification and answers the SonicWALL SSL-VPN with an access-accept or access-reject message.
5. SonicWALL SSL-VPN then provides access to the authenticated user’s individual Portal on the SonicWALL SSL-VPN, where the protected resources can be accessed via a simple ‘bookmark’ click or via IPSec-like NetExtender access.

The following is a description of the RADIUS authentication sequence WITH DIGIPASS assigned:

1. A remote user initiates a connection to the SonicWALL PRO4060.
2. The SonicWALL PRO4060 is configured so that all https (SSL-VPN) traffic is forwarded to the SonicWALL SSL-VPN.
3. The SonicWALL SSL-VPN gathers the remote user’s ID and one time password generated by the DIGIPASS, and then submits a RADIUS authentication request to the VM.
4. VM performs the OTP verification and answers the SonicWALL SSL-VPN with an access-accept or access-reject message.
5. SonicWALL SSL-VPN then provides access to the authenticated user’s individual Portal on the SonicWALL SSL-VPN, where the protected resources can be accessed via a simple ‘bookmark’ click or via IPSec-like NetExtender access.

4.3 Overview of RADIUS IP and Port Settings

In most installations, only a few products manage SSL-VPN RADIUS clients. Therefore, the recommended setup is to change the limited number of VM and SonicWALL SSL-VPN settings rather than the many RADIUS client settings. The alternate setup is to change those RADIUS clients to point to the VM.

In either case, the RADIUS settings must result in the following relationships as detailed below. Also, see VM Configuration and SonicWALL SSL-VPN Configuration sections in this document on how to configure these settings.

Required RADIUS Setting Relationships

SSL-VPN RADIUS Client    VM
IP address               IP address in Server settings & IP address in Client settings
Port numbers             Port numbers in Server settings
Shared-Secret            Shared-Secret in Client settings

4.4 Overview of actions

In the next chapters we will show you how to configure each device and server in the right way to enable the 2-factor authentication with VACMAN Middleware.

- SonicWALL SSL-VPN configuration (SSL-VPN appliance)
- SonicWALL PRO4060 configuration (Firewall appliance)
- VACMAN Middleware configuration (VACMAN Middleware)
- User configuration (Users)
- Sample of a logon (Logon)

5 Configuration of the SonicWALL SSL-VPN

5.1 Login to the SSL-VPN & check version

Browse to the default IP address of the SSL-VPN 2000 or 4000 on its interface labeled ‘X0’ on https://192.168.200.1 and login with the default values:

User Name: admin
Password: password (please change afterwards)

Note: If you enter http://192.168.200.1 it will automatically redirect to https.

Check in the System Status page that the current ‘Firmware Version’ is at least version 2.0:

Figure 3: SonicWALL SSL/VPN configuration (1)

If it is not at least version 2.0, it is advised that you register the SonicWALL SSL-VPN appliance on https://www.mysonicwall.com where you can download the latest firmware version with a valid SonicWALL support entitlement.

Note: Firmware version 2.0 is needed to support two-factor authentication on the SSL-VPN appliance.

Check the Network Interfaces page for the correct IP address of the SSL-VPN’s X0 interface. According to the Network Diagram in Figure 1, this can be left at the default IP address 192.168.200.1:

Figure 4: SonicWALL SSL/VPN configuration (2)

5.2 Time setting on the SSL-VPN

Because two-factor authentication depends on time synchronization, it is important that the internal clocks for the SSL-VPN appliance and the VACMAN Middleware are set correctly. On the SSL-VPN appliance, set the time on the System Time page, either via an NTP server or manually, and select the correct Time Zone:

Figure 5: SonicWALL SSL/VPN configuration (3)
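Why clock accuracy matters for the OTP check described in 3.2 and 5.2, as an added Python example that is not VASCO or SonicWALL code: a verifier that accepts a PIN plus time-based OTP only inside a window of 32-second steps. The guide does not describe the Digipass algorithm, so RFC 6238-style HMAC-SHA1 is used as a stand-in; the 6-digit length, the PIN-before-OTP order, the `window` and `last_used_step` parameters and the sample key and PIN are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 32    # seconds per OTP, as the guide states for a current Digipass
DIGITS = 6   # assumption: the OTP length is not given in the guide


def otp_at(key: bytes, unix_time: int) -> str:
    """OTP for the time step containing unix_time (RFC 6238 stand-in)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key, pin, submitted, server_time, window=1, last_used_step=-1):
    """Return the accepted time step, or None when the login is rejected.

    submitted is PIN followed by OTP (assumed order). window is how many
    steps of clock difference are tolerated on each side of the server's
    current step; last_used_step blocks reuse of an already accepted OTP.
    """
    if len(submitted) != len(pin) + DIGITS:
        return None
    pin_ok = hmac.compare_digest(submitted[:len(pin)].encode(), pin.encode())
    otp = submitted[len(pin):].encode()
    now_step = server_time // STEP
    matched = None
    for step in range(now_step - window, now_step + window + 1):
        if step <= last_used_step:
            continue  # this step, or a later one, was already consumed
        if hmac.compare_digest(otp, otp_at(key, step * STEP).encode()):
            matched = step
    return matched if pin_ok else None


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    token_time = 1162512000         # constructed token clock reading
    login = "1234" + otp_at(key, token_time)
    print("clocks in sync:", verify(key, "1234", login, token_time))
    print("server +120 s :", verify(key, "1234", login, token_time + 120))
    print("wider window  :", verify(key, "1234", login, token_time + 120, window=4))
```

A server clock that is 120 seconds off rejects a correct OTP at the default window; widening the window restores the login at the cost of a longer lifetime for each code.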

5.3 DNS Settings

On the Network DNS page, set the correct DNS Settings and optionally the WINS Settings:

Figure 6: SonicWALL SSL/VPN configuration (4)

5.4 Configure a default route for the SSL-VPN

According to the Network Diagram in Figure 1, the default route for the SSL-VPN is the PRO4060’s X2 interface that corresponds with the DMZ Zone. This IP address is set to 192.168.200.250 and needs to be configured as the Default Route for the SSL-VPN.

Navigate to the Network Routes page and set the correct Default Route on the SSL-VPN’s X0 interface:

Figure 7: SonicWALL SSL/VPN configuration (5)

5.5 NetExtender Client Address Range

If NetExtender Clients (IPSec-like SSL-VPN tunnels) are used, set the NetExtender Client Address Range in the NetExtender Client Addresses page:

Figure 8: SonicWALL SSL/VPN configuration (6)

In this example, the Client Address Range Begin and End can be left at their defaults, as Client Addresses will be assigned in the same subnet 192.168.200.0/24 as the SSL-VPN’s X0 interface.

Note: Make sure you exclude from this range the SonicWALL SSL-VPN’s X0 interface and the SonicWALL PRO4060’s X2 interface IP address, according to the Network Diagram in Figure 1: Network Diagram.

5.6 Add NetExtender Client Routes

In the NetExtender Client Routes page, add the correct Client Routes for the authenticated remote users accessing the private networks via the SSL-VPN connection:

Figure 9: SonicWALL SSL/VPN configuration (7)

According to the Network Diagram in Figure 1: Network Diagram, this corresponds with the subnet connected to the X0 (LAN) interface of the SonicWALL PRO4060.

5.7 Create a Portal Domain

‘Add Domain’ via the Portal Domains page and select ‘RADIUS’ as the Authentication Type from the drop-down menu:

Figure 10: SonicWALL SSL/VPN configuration (8)

Enter a descriptive name for the ‘Domain Name’. This is the Domain Name users will select in order to log into the SonicWALL SSL-VPN appliance portal.

The ‘RADIUS server address’ is the IP address of VACMAN Middleware.

The ‘RADIUS server port’ needs to match the RADIUS port of VACMAN Middleware, as does the ‘Secret password’ that is used for RADIUS authentication between these two elements.

Note: VACMAN Middleware prior to version 3.0 uses a different default port number than 1812 (which is the default value for SonicWALL SSL-VPN). The RADIUS port 1812/1813 is now the default value, which matches the default SSL-VPN values.

In this example only a ‘Primary RADIUS server’ is used.

5.8 Add a ‘local user’ for the Domain

Via the Users Local Users page, ‘Add a User’ to the ‘Domain Vasco’ just created.

Figure 11: SonicWALL SSL/VPN configuration (9)

Assign this user to the RADIUS Domain. It won’t ask for a password (see below); it will just ask for the username. Passwords will be generated through the RADIUS Server. Make sure the usernames duplicate those on the RADIUS Server (testuser in this example).

Figure 12: SonicWALL SSL/VPN configuration (10)

Figure 13: SonicWALL SSL/VPN configuration (11)

5.9 Edit the policy for the user

You can edit the policy for the user by going to the Users Local Users page and selecting the ‘Configure’ button.

The default ‘Policy’ is Allow All Traffic. You can be more restrictive or create optional ‘Bookmarks’ for the User.

Figure 14: SonicWALL SSL/VPN configuration (12)

6 Configuration of the SonicWALL PRO4060

6.1 Login to the PRO4060

Browse to the default IP address of the SonicWALL PRO4060 on its LAN interface labeled ‘X0’ on http://192.168.168.168 and login with the default values:

User Name: admin
Password: password (please change afterwards)

The IP address will be changed later on to 10.120.1.250 according to the network diagram in Figure 1: Network Diagram.

Figure 15: SonicWALL PRO4060 configuration (1)

It is advised that you register the SonicWALL PRO4060 appliance on https://www.mysonicwall.com where you can download the latest firmware version with a valid SonicWALL support entitlement.

6.2 PRO4060 Interface and Zone configuration

You can configure the correct IP addresses and Zones of the interfaces in the Network Interfaces page according to the Network Diagram in Figure 1:

Figure 16: SonicWALL PRO4060 configuration (2)

Click on the ‘Configure’ button for the X2 interface and match it to the DMZ zone with IP address 192.168.200.250 as follows:

Figure 17: SonicWALL PRO4060 configuration (3)

Click on the ‘Configure’ button for the X1 interface (permanently tied to the WAN zone) and assign it the IP address 10.10.10.10 as follows:

Figure 18: SonicWALL PRO4060 configuration (4)

Finally, the X0 interface (permanently tied to the LAN zone) will be configured with IP address 10.120.1.250 as follows:

Figure 19: SonicWALL PRO4060 configuration (5)

As the IP address for accessing the GUI of the PRO4060 on its X0 interface is changed, the IP address of the machine (PC) accessing the GUI needs to be reconfigured in the same IP subnet as the X0 interface of the PRO4060.

After these changes, the summary in the Network Interfaces page will look as follows:

Figure 20: SonicWALL PRO4060 configuration (6)

6.3 Creating the Address Objects

Create a VACMAN Middleware object in the LAN zone with host IP 10.120.1.100 via the Network Address Objects page by clicking the ‘Add’ button at the bottom of the screen:

Figure 21: SonicWALL PRO4060 configuration (7)

The IP address matches the Network Diagram in Figure 1. Do the same for an SSL-VPN 2000 object in the DMZ zone:

Figure 22: SonicWALL PRO4060 configuration (8)

6.4 Inbound allow rule for https & NAT Policy

In this chapter we will create an inbound ‘Allow’ rule to permit all https traffic on WAN to the SSL-VPN 2000 object in the DMZ zone. Select Firewall Access Rules in the Matrix from WAN to DMZ:

Figure 23: SonicWALL PRO4060 configuration (9)

Step 1: Create an ‘Allow’ access rule for https on the ‘WAN primary IP’ address object of the SonicWALL PRO4060 by clicking the ‘Add’ button:

Figure 24: SonicWALL PRO4060 configuration (10)

The ‘Allow’ rule for https should look as follows:

Figure 25: SonicWALL PRO4060 configuration (11)

Click ‘OK’ and the following ‘Access Rules’ will appear in the list from WAN to DMZ:

Figure 26: SonicWALL PRO4060 configuration (12)

Step 2: Create a NAT policy to forward the https traffic to the SSL-VPN 2000. Select Network NAT Policies and ‘Add’ the following Policy at the bottom of the screen:

Figure 27: SonicWALL PRO4060 configuration (13)

6.5 Allow rule from DMZ to LAN for VACMAN Middleware

In this chapter we will create an access rule from the DMZ zone to the LAN zone for access to the VACMAN Middleware object. Select the Firewall Access Rule page and indicate in the Matrix the Access Rules from DMZ to LAN. Add an ‘Allow’ rule as follows:

Figure 28: SonicWALL PRO4060 configuration (14)

If access from DMZ to LAN is needed towards more ‘Destinations’ other than the VACMAN Middleware, add them here accordingly.

7 VACMAN Middleware

7.1 Policy configuration

Setting up the VM only requires you to set up a policy to go to the right back-end (or only local) and to add an extra RADIUS client component pointing to the SonicWALL SSL/VPN Server.

To add a new policy, right-click Policies and choose New Policy.

Figure 29: VM Policy Configuration (1)

There are a few policies available by default. You can also create new policies to suit your needs. These can be independent policies, or can inherit or copy their settings from default or other policies.

Fill in a policy name and choose the option most suitable in your situation. If you want the policy to inherit settings from another policy, choose the inherit option. If you want to copy an existing policy, choose the copy option, and if you want to make a new one, choose the create option.

Figure 30: VM Policy Configuration (2)

In the policy properties, configure it to use the right back-end server. This could be the local database, but also Windows (Active Directory) or another RADIUS server (RADIUS).

This can be the same authentication service as you were previously using in your SonicWALL VPN/SSL box.

In our example we select our SonicWALL policy:

Local Auth.:                (Digipass/Password)
Back-End Auth.:             (None)
Dynamic User Registration:  (No)
Password Autolearn:         (No)
Stored Password Proxy:      (No)
Windows Group               (No Check)

Figure 31: VM Policy Configuration (3)

Figure 32: VM Policy Configuration (4)

7.2 Component configuration

Create a new component by right-clicking Components and choosing New Component.

Figure 33: VM Component Configuration (1)

As component type choose RADIUS Client. The location is the IP address of the SonicWALL SSL/VPN box. In the policy field you should find your newly created policy. Fill in the same shared secret that you entered in the RADIUS server properties on the SonicWALL SSL/VPN box. Click Create.

Figure 34: VM Component Configuration (2)
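Why the shared secret must be identical in the SSL-VPN portal domain (5.7) and in the VM RADIUS client component (7.2, with the relationships listed in 4.3), as an added Python example that is not VASCO or SonicWALL code: it builds an RFC 2865 Access-Request and its reply in memory and checks both with the secret. The `check_credentials` callback is a hypothetical stand-in for VM's verification, and all secrets and passwords passed in are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def _chain(secret, authenticator, data, decrypt=False):
    """RFC 2865 User-Password hiding: XOR with chained MD5(secret + prev)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else result   # always chain on ciphertext
        out += result
    return out

def _attr(code, value):
    return struct.pack("!BB", code, len(value) + 2) + value

def build_request(secret, ident, user, password):
    """Client role (the SSL-VPN appliance in the guide)."""
    authenticator = os.urandom(16)
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    attrs = _attr(USER_NAME, user) + _attr(
        USER_PASSWORD, _chain(secret, authenticator, padded))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def read_credentials(secret, request):
    """Server side: recover user name and password from an Access-Request."""
    attrs, pos = {}, 20
    end = struct.unpack("!H", request[2:4])[0]
    if end > len(request):
        raise ValueError("length field exceeds packet size")
    while pos + 2 <= end:
        code, length = request[pos], request[pos + 1]
        if length < 2 or pos + length > end:
            raise ValueError("malformed attribute")
        attrs[code] = request[pos + 2:pos + length]
        pos += length
    password = _chain(secret, request[4:20], attrs[USER_PASSWORD], decrypt=True)
    return attrs[USER_NAME], password.rstrip(b"\x00")

def server_reply(secret, request, check_credentials):
    """Server role (VM in the guide); check_credentials is a hypothetical hook."""
    ok = check_credentials(*read_credentials(secret, request))
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT,
                         request[1], 20)
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def client_accepts(secret, request, reply):
    """True only for an Access-Accept whose authenticator matches our secret."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    expected = hashlib.md5(
        reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[0] == ACCESS_ACCEPT
```

With mismatched secrets the server recovers a garbled password and rejects the login, and the client also discards any reply whose Response Authenticator was not computed with its own secret.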
