Local User Group List

The greatest advantage of defining user groups is that you can create one policy for the user group and that policy automatically applies to all group members, sparing you from creating multiple policies. Before you can add users to a group, you must first create the users. For more information on creating users, see Local User Configuration.

Local is an encompassing term for Auth, IKE, L2TP, and XAuth users created on the device.

Authentication User – A network user who must provide a user name and password for authentication when initiating a connection across the firewall.

IKE User – A remote VPN user with a dynamically assigned IP address. The user provides his or her identity using an e-mail address, an IP address, a domain name, or ASN1-DN. The VPN can use either AutoKey IKE with a preshared key or AutoKey IKE with a certificate.
It is often impractical to create separate user definitions for every host that uses a NetScreen device. In such circumstances, you can make one user definition available to any host with a local certificate containing a specified value in a distinguished name field. This technique is known as Group IKE ID.
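
The Group IKE ID idea described above, sketched as an added example (not code from the NetScreen device or its documentation): one group definition is checked against several certificate subjects, showing that a definition naming fewer distinguished name fields matches more certificates. The matching rule (every field in the group ID must appear in the subject with the same value, compared case-insensitively), the function names, and the sample DNs are assumptions made for illustration.

```python
def parse_dn(dn):
    """Parse 'CN=a,OU=b' into [(ATTR, value)], honouring backslash escapes.
    Hex-pair escapes and multi-valued (+) RDNs are not handled here."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # previous char was a backslash: take literally
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":              # unescaped comma ends one DN component
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def matches_group_ike_id(cert_subject, group_id):
    """Assumed rule: every field in group_id must be present in the subject."""
    cert = parse_dn(cert_subject)
    return all(
        any(attr == c_attr and value.lower() == c_value.lower()
            for c_attr, c_value in cert)
        for attr, value in parse_dn(group_id)
    )

def admitted(subjects, group_id):
    """Return the subjects that one shared user definition would cover."""
    return [s for s in subjects if matches_group_ike_id(s, group_id)]

# Constructed sample certificate subjects (not taken from any real device).
SAMPLE_SUBJECTS = [
    "CN=alice,OU=Sales,O=Example Corp,C=US",
    "CN=bob,OU=Engineering,O=Example Corp,C=US",
    r"CN=mallory,OU=Sales,O=Other Org\, Inc.,C=US",
]

if __name__ == "__main__":
    for gid in ("OU=Sales,O=Example Corp", "OU=Sales"):
        print(gid, "->", admitted(SAMPLE_SUBJECTS, gid))
```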

L2TP User – A remote user whose IP address a NetScreen device assigns from a pool of addresses via Point-to-Point Protocol (PPP). The NetScreen device communicates with the remote user through PPP frames encapsulated in L2TP frames.

XAuth User – An XAuth user is a remote auth user who connects to the NetScreen device via an AutoKey IKE VPN tunnel. Whereas the authentication of IKE users is actually the authentication of individuals’ devices, the authentication of XAuth users is the authentication of the individuals themselves.

You can combine these kinds of users to create the following four combinations, also sometimes referred to as multiple-type users:

  • Auth/IKE User

  • Auth/IKE/XAuth User

  • Auth/L2TP User

  • IKE/XAuth User

  • Auth/IKE/L2TP User

  • L2TP/XAuth User

  • IKE/L2TP User

  • IKE/L2TP/XAuth User

  • Auth/XAuth User

  • Auth/IKE/L2TP/XAuth User

Viewing the Local User Group List

This page lists the local users who must authenticate themselves against the internal database.

Group Name: Indicates the name of the user group.

Group Type: Indicates the type of the user group—Auth, IKE, L2TP, XAuth, or any one of the possible combinations.

Members: Indicates the names of the users who are members of the group.

Configure: Click Edit to modify the entry, or click Remove to delete the group.

To Create a Local User Group

To create a local user group, click New. For more information, see Local User Group Configuration.