Local User Group List
The greatest advantage of defining user groups is that
you can create one policy for the user group and that policy automatically
applies to all group members, therefore sparing you from creating multiple
policies. Before you can add members to a group, you must first create
the users. For more information on creating users, see Local User
Configuration.
Local is an encompassing term for Auth, IKE, L2TP, and XAuth users
created on the device.
Authentication User – A network user who must provide a username and password for authentication
when initiating a connection across the firewall.
IKE User – A remote VPN user with a dynamically assigned IP address. The user
provides the identity using an e-mail address, an IP address, a domain
name, or ASN1-DN. The VPN can use either AutoKey IKE with a preshared
key or AutoKey IKE with a certificate.
It is often impractical to create separate user definitions for every host
that uses a Juniper Networks security device. In such circumstances, you
can make one user definition available to any host with a local certificate
containing a specified value in a distinguished name field. This technique
is known as Group IKE ID.
L2TP User – A remote user whose IP address a security device assigns from a pool
of addresses via Point-to-Point Protocol (PPP).
The security device communicates with the remote user through PPP
frames encapsulated in L2TP frames.
XAuth User – An XAuth user is a remote auth user who connects to the
security device via an AutoKey IKE VPN tunnel.
Whereas the authentication of IKE users is actually the authentication
of individuals’ devices, the authentication of XAuth users is the
authentication of the individuals themselves.
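The Group IKE ID technique described under IKE User above, shown as an added Python example (not Juniper code and not part of the original page): one shared definition lists required distinguished-name fields, and a peer is accepted only if its certificate subject carries those values. The field names, sample DNs, and the matching rule (case-insensitive equality on parsed fields) are assumptions made for illustration; parsing the DN instead of searching the raw string keeps an escaped comma inside a value from being read as an extra field.

```python
import re

def _split_unescaped(s, seps=",+"):
    """Split on separator characters that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep the escape pair intact
            buf.append(s[i:i + 2])
            i += 2
            continue
        if s[i] in seps:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(s[i])
        i += 1
    parts.append("".join(buf))
    return parts

def _unescape(raw):
    """Resolve backslash-char and backslash-hex-pair escapes (ASCII values only)."""
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1], raw)

def parse_dn(dn):
    """Return the DN as a list of (FIELD, value) pairs."""
    pairs = []
    for part in _split_unescaped(dn):
        if not part.strip():
            continue
        field, sep, raw = part.partition("=")
        if not sep or not field.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((field.strip().upper(), _unescape(raw.strip())))
    return pairs

def matches_group(subject_dn, required):
    """True if every required field/value pair is present in the subject DN."""
    present = {(f, v.casefold()) for f, v in parse_dn(subject_dn)}
    return all((f.upper(), v.casefold()) in present for f, v in required.items())

# Constructed sample data: one shared definition, three peer certificate subjects.
GROUP = {"OU": "Sales", "O": "Example Corp"}   # hypothetical group definition
PEERS = [
    "CN=alice-laptop,OU=Sales,O=Example Corp,C=US",
    "CN=bob-laptop,OU=Engineering,O=Example Corp,C=US",
    "CN=kiosk\\,OU=Sales,OU=Guests,O=Example Corp",  # escaped comma inside CN
]

if __name__ == "__main__":
    for dn in PEERS:
        print(matches_group(dn, GROUP), dn)
```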
You can combine these kinds of users to create the following four
combinations, also sometimes referred to as multiple-type users:
Viewing the Local User Group List
This page lists the local users who must authenticate themselves
against the internal database.
Group Name: Indicates the name of the user group.
Group type: Indicates the type of the user group—Auth, IKE, L2TP, XAuth,
or any one of the possible combinations.
Members: Indicates the names of the members that are part of the group.
Configure: Click Edit to modify the entry, or click Remove to delete
the group.