Local User List
Local is an encompassing term for Auth, IKE, L2TP, and XAuth users created
on the security device.
Authentication User – A network user who must provide a user name and password for authentication
when initiating a connection across the firewall.
IKE User – A remote VPN user with a dynamically assigned IP address. The user
provides his or her identity using an e-mail address, an IP address, a
domain name, or ASN1-DN. The VPN can use either AutoKey IKE with a preshared
key or AutoKey IKE with a certificate.
It is often impractical to create separate user definitions for every host
that uses a NetScreen device. In such circumstances, you can make one
user definition available to any host with a local certificate containing
a specified value in a distinguished name field. This technique is known
as Group IKE ID.
L2TP User – A remote user whose IP address a NetScreen device assigns from a pool
of addresses via Point-to-Point Protocol (PPP).
The NetScreen device communicates with the remote user through PPP
frames encapsulated in L2TP frames.
XAuth User – An XAuth user is a remote auth user who connects to the
NetScreen device via an AutoKey IKE VPN tunnel. Whereas the authentication
of IKE users is actually the authentication of individuals’ devices, the
authentication of XAuth users is the authentication of the individuals
themselves.
You can combine these kinds of users to create the following four combinations,
also sometimes referred to as multiple-type users:
Viewing the Local User List
This table lists all local users created on the device and contains
the following information about each one:
Name: Indicates the name of the user.
Type: Indicates the type of user—Auth, IKE, L2TP, XAuth, or any one of the
possible combinations.
Group: Indicates the name of the group if the user is part of a group.
Status: Indicates whether the user is enabled or disabled.
Identity: If the user is an IKE Dynamic Peer, identity is established with
an IP address, domain name, or e-mail address.
Configure: Click Edit to modify the user profile, or click Remove to delete
the user. Remove is available only if the user is not named in a policy
(as either an individual or part of a group). If the user is named in a
policy, the column indicates In Use instead.