Local User Group List
The greatest advantage of defining user groups is that
you can create one policy for the user group and that policy automatically
applies to all group members, therefore sparing you from creating multiple
policies. Before you can add members to a group, you must first create
them. For more information on creating users, see .
Local is an encompassing term for Auth, IKE, L2TP, and XAuth users created
on the device.
Authentication User – A network user who must provide a user name and password for authentication
when initiating a connection across the firewall.
IKE User – A remote VPN user with a dynamically assigned IP address. The user
provides his or her identity using an e-mail address, an IP address, a
domain name, or ASN1-DN. The VPN can use either AutoKey IKE with a preshared
key or AutoKey IKE with a certificate.
It is often impractical to create separate user definitions for every host
that uses a NetScreen device. In such circumstances, you can make one
user definition available to any host with a local certificate containing
a specified value in a distinguished name field. This technique is known
as Group IKE ID.
L2TP User – A remote user whose IP address a NetScreen device assigns from a
pool of addresses via Point-to-Point Protocol (PPP). The NetScreen device
communicates with the remote user through PPP frames encapsulated in L2TP
frames.
XAuth User – An XAuth user is a remote auth user who connects to the
NetScreen device via an AutoKey IKE VPN tunnel. Whereas the authentication
of IKE users is actually the authentication of individuals’ devices, the
authentication of XAuth users is the authentication of the individuals
themselves.
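The Group IKE ID technique described under IKE User, as an added example (not code from the original page or from NetScreen): a Python check of which certificate subjects a single user definition would cover. The matching rule (every field value named in the definition must appear in the certificate's distinguished name), the function names, and the sample subjects are assumptions made for illustration.

```python
def parse_dn(dn):
    """Parse 'CN=a,OU=b' into [(TYPE, value), ...].

    Simplified: handles backslash escapes, but not hex escapes or
    '+' multi-valued components.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":             # unescaped comma ends a component
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def matches_group(group_dn, subject_dn):
    """True if every field value named in group_dn appears in subject_dn.
    Assumed rule: field order is ignored, values are compared exactly."""
    subject = set(parse_dn(subject_dn))
    return all(pair in subject for pair in parse_dn(group_dn))

def admitted(group_dn, subjects):
    """Return the subjects that one group user definition would cover."""
    return [s for s in subjects if matches_group(group_dn, s)]

# Constructed sample certificate subjects (not from the page).
SUBJECTS = [
    "CN=host1,OU=Sales,O=Example Corp,C=US",
    "CN=host2,OU=Sales,O=Example Corp,C=US",
    "CN=host3,OU=Engineering,O=Example Corp,C=US",
    r"CN=host4,OU=Sales,O=Other\, Inc,C=US",
]

if __name__ == "__main__":
    for group in ("OU=Sales", "OU=Sales,O=Example Corp"):
        print(group, "->", admitted(group, SUBJECTS))
```

With these sample subjects, the single-field definition covers three of the four certificates, including the one issued to a different organization; naming the O field as well narrows it to two.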
You can combine these kinds of users to create the following four
combinations, also sometimes referred to as multiple-type users:
Viewing the Local User Group List
This page lists the local users who must authenticate themselves
against the internal database.
Group Name: Indicates the name of the user group.
Group type: Indicates the type of the user group—Auth, IKE, L2TP, XAuth, or
any one of the possible combinations.
Members: Indicates the names of the members that are part of the group.
Configure: Click Edit to modify the entry, or click Remove to delete the
group.