ZyXEL Communications 100 Series User Manual
Chapter 39 AAA Server
ZyWALL USG 100/200 Series User’s Guide
626
Figure 462 RADIUS Server Network Example
39.1.3 ASAS
ASAS (Authenex Strong Authentication System) is a RADIUS server that works with the
One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in order to use this
feature. The package contains server software and physical OTP tokens (PIN generators). Do
the following to use OTP. See the documentation included on the ASAS’ CD for details.
One-Time Password (OTP) feature. Purchase a ZyWALL OTP package in order to use this
feature. The package contains server software and physical OTP tokens (PIN generators). Do
the following to use OTP. See the documentation included on the ASAS’ CD for details.
1 Install the ASAS server software on a computer.
2 Create user accounts on the ZyWALL and in the ASAS server.
3 Import each token’s database file (located on the included CD) into the server.
4 Assign users to OTP tokens (on the ASAS server).
5 Configure the ASAS as a RADIUS server in the ZyWALL’s Object > AAA Server
2 Create user accounts on the ZyWALL and in the ASAS server.
3 Import each token’s database file (located on the included CD) into the server.
4 Assign users to OTP tokens (on the ASAS server).
5 Configure the ASAS as a RADIUS server in the ZyWALL’s Object > AAA Server
screens.
6 Give the OTP tokens to (local or remote) users.
39.1.4 What You Can Do Using The AAA Screens
• Use the Object > AAA Server > Active Directory (or LDAP) screens (
) to configure the Active Directory or LDAP default server settings.
• Use the Object > AAA Server > RADIUS screen (
the default external RADIUS server to use for user authentication.
39.1.5 What You Need To Know About AAA Servers
AAA Servers Supported by the ZyWALL
The following lists the types of authentication server the ZyWALL supports.
• Local user database
The ZyWALL uses the built-in local user database to authenticate administrative users
logging into the ZyWALL’s web configurator or network access users logging into the
network through the ZyWALL. You can also use the local user database to authenticate
VPN users.
logging into the ZyWALL’s web configurator or network access users logging into the
network through the ZyWALL. You can also use the local user database to authenticate
VPN users.
• Directory Service (LDAP/AD)
LDAP (Lightweight Directory Access Protocol)/AD (Active Directory) is a directory
service that is both a directory and a protocol for controlling access to a network. The
directory consists of a database specialized for fast information retrieval and filtering
activities. You create and store user profile and login information on the external server.
service that is both a directory and a protocol for controlling access to a network. The
directory consists of a database specialized for fast information retrieval and filtering
activities. You create and store user profile and login information on the external server.
• RADIUS