Local User List

Local is an encompassing term for Auth, IKE, L2TP, and XAuth users created on the security device.

Authentication User – A network user who must provide a user name and password for authentication when initiating a connection across the firewall.

IKE User – A remote VPN user with a dynamically assigned IP address. The user provides his or her identity using an e-mail address, an IP address, a domain name, or ASN1-DN. The VPN can use either AutoKey IKE with a preshared key or AutoKey IKE with a certificate.
It is often impractical to create separate user definitions for every host that uses a NetScreen device. In such circumstances, you can make one user definition available to any host with a local certificate containing a specified value in a distinguished name field. This technique is known as Group IKE ID.
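An added example, not from the NetScreen documentation, of the kind of check the Group IKE ID paragraph describes: one shared definition that accepts any certificate whose subject DN carries specified field values. It compares whole DN fields rather than substrings, so a similar-looking value elsewhere in the DN does not qualify a host for the group. The DN strings, `GROUP_SALES` and the function names are constructed for illustration, and exact whole-field comparison is an assumption here, not the device's documented matching rule.

```python
# Added illustration; names and DNs are constructed, not taken from a device.

def parse_dn(dn):
    """Split an RFC 4514-style DN string into (ATTR, value) pairs.

    Backslash-escaped characters stay inside the value, so an escaped comma
    does not start a new field. Hex-pair escapes and quoted values are not
    handled in this sketch.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)          # keep the escaped character literally
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in ",+":            # unescaped separator ends the field
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def matches_group(subject_dn, required):
    """True only if every required attribute/value is a complete DN field."""
    fields = set(parse_dn(subject_dn))
    return all((a.upper(), v) in fields for a, v in required.items())

def naive_match(subject_dn, required):
    """Substring test, shown only to contrast with the field-aware check."""
    return all(f"{a}={v}" in subject_dn for a, v in required.items())

# Hypothetical shared definition: any host whose certificate is in this OU and O.
GROUP_SALES = {"OU": "sales", "O": "Example Corp"}

SAMPLE_DNS = [  # constructed subject DNs
    "CN=alice,OU=sales,O=Example Corp,C=US",
    "CN=carol,OU=salesforce,O=Example Corp,C=US",
    r"CN=bob\,OU=sales,OU=contractors,O=Example Corp,C=US",
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        print(dn, matches_group(dn, GROUP_SALES), naive_match(dn, GROUP_SALES))
```

Only the first sample DN belongs to the group; the substring test accepts all three.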

L2TP User – A remote user whose IP address a NetScreen device assigns from a pool of addresses via Point-to-Point Protocol (PPP). The NetScreen device communicates with the remote user through PPP frames encapsulated in L2TP frames.

XAuth User – An XAuth user is a remote auth user who connects to the NetScreen device via an AutoKey IKE VPN tunnel. Whereas the authentication of IKE users is actually the authentication of individuals’ devices, the authentication of XAuth users is the authentication of the individuals themselves.

You can combine these kinds of users to create the following four combinations, also sometimes referred to as multiple-type users:

  • Auth/IKE User

  • Auth/IKE/XAuth User

  • Auth/L2TP User

  • IKE/XAuth User

  • Auth/IKE/L2TP User

  • L2TP/XAuth User

  • IKE/L2TP User

  • IKE/L2TP/XAuth User

  • Auth/XAuth User

  • Auth/IKE/L2TP/XAuth User

Viewing the Local User List

This table lists all local users created on the device and contains the following information about each one:

Name: Indicates the name of the user.

Type: Indicates the type of user—Auth, IKE, L2TP, XAuth, or any one of the possible combinations.

Group: Indicates the name of the group if the user is part of a group.

Status: Indicates whether the user is enabled or disabled.

Identity: If the user is an IKE Dynamic Peer, identity is established with an IP address, domain name, or e-mail address.

Configure: Click Edit to modify the user profile, or click Remove to delete the user. Remove is available only if the user is not named in a policy (as either an individual or part of a group). If the user is named in a policy, the column indicates In Use instead.

To Create a Local User

To create a local user, click New. For more information, see Local User Configuration.