• Home

  • Documents

  • How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote...
11
NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time Password Server Juniper SA SSL/VPN Situation Setting Juniper SSL/VPN remote access policies based on the group membership from LDAP User database with Nordic Edge One Time Password Server Solution Step 1. - Installing Nordic Edge plugin RADIUSAttributeGroupMembership Copy attached file RADIUSAttributeGroupMembership.class in directory <OTPServer>/ext Copy attached file groupmembership.cfg in directory <OTPServer> Step 2.- Configuring OTPServer RADIUS Client Select Radius & Client tab

How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Embed Size (px)

Citation preview

Page 1: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database

Fact

One Time Password Server

Juniper SA SSL/VPN

SituationSetting Juniper SSL/VPN remote access policies based on the group membership from LDAP User

database with Nordic Edge One Time Password Server

Solution Step 1. - Installing Nordic Edge plugin RADIUSAttributeGroupMembership Copy attached file RADIUSAttributeGroupMembership.class in directory <OTPServer>/ext Copy attached file groupmembership.cfg in directory <OTPServer> Step 2.- Configuring OTPServer RADIUS Client Select Radius & Client tab

Page 2: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Highlight Radius Client

Select “Edit Client”

Page 3: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Highlight User DatabaseSelect Options

Page 4: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Select Add OptionConfigure Radius Attribute as follows:

Page 5: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Select OK to save attribute value configuration.

Page 6: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Select OK to save Radius attribute configuration. Step 3. - Configuring group membership filter Choose user groups from LDAP user database.As an example groups: VPN-user,VPN-helpdesk,VPN-support,VPN-admins will be used. Step 3.1 Modify groupmembership.cfg For Microsoft Active Directory Modify groupmembership.cfg: GroupNameTag=Groupname:Separator=,GroupsToCheck=VPN-user,VPN-helpdesk,VPN-support,VPN-adminsUserIDAttribute=samaccountnameGroupMemberAttribute=memberOf For Novell eDirectory Modify groupmembership.cfg: GroupNameTag=Groupname:Separator=,GroupsToCheck=VPN-user,VPN-helpdesk,VPN-support,VPN-adminsUserIDAttribute=CNGroupMemberAttribute=groupmembership4- Configuring Juniper SSL/VPNStart Juniper Central Manager, select Users / User Roles and create roles matching the GroupsToCheck list from groupmembership.cfg.In this example four roles are created:VPN-User, VPN-Helpdesk, VPN-Support and VPN-Admins

Page 7: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Select Users / Users Realms and open your Realm. In this example the Realm is called “User”.On the General Page make sure the Directory / Attribute is set to “Same as above”.

Page 8: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Select the page “Role Mapping” and configure the Rule based on “User attribute”

Page 9: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Select “Update”

In this example Role Mapping Rule for Role VPN-User is created as shown below:Select Attribute Class (25)Choose “Is” and write group name including GroupNameTag from groupmembership.cfg, i.e “Groupname:VPN:user”Assign rule to Role “VPN-User”

Page 10: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

Save changes and repeat for all user groups in the GroupsToCheck list from groupmembership.cfg.

When completed, this example's configuration looks like the following:

Page 11: How to set Juniper SSL VPN remote access policies · NSD1178 How to set Juniper SSL / VPN remote access policies based on the group membership from ldap user database Fact One Time

The Juniper policies are now matching user group membership set in the LDAP user database and groupmembership.cfg.


Juniper VPN Concepts

Juniper VPN Concepts

Documents
A10 Networks AX Series and Juniper Networks SA Series SSL VPN

A10 Networks AX Series and Juniper Networks SA Series SSL VPN

Documents
Court Juniper VPN Upgrade

Court Juniper VPN Upgrade

Documents
Radware AppDirector and Juniper Networks Secure Access SSL VPN

Radware AppDirector and Juniper Networks Secure Access SSL VPN

Documents
AX Series with Juniper Networks SA Series SSL-VPN Appliances Solution

AX Series with Juniper Networks SA Series SSL-VPN Appliances Solution

Documents
SSL-VPN TROUBLESHOOTING GUIDE - Miami-Dadeconnect.miamidade.gov/library/ssl-vpn-troubleshooting.pdf · SSL-VPN TROUBLESHOOTING GUIDE Date: 06/05/2009, ... invalid socket id ... Make

SSL-VPN TROUBLESHOOTING GUIDE - Miami-Dadeconnect.miamidade.gov/library/ssl-vpn-troubleshooting.pdf · SSL-VPN TROUBLESHOOTING GUIDE Date: 06/05/2009, ... invalid socket id ... Make

Documents
Juniper Networks SSL VPN SSO and OWA - SafeNet · Juniper Networks SSL VPN SSO and OWA with BlackShield Overview 3 Contact Information CRYPTOCard’s technical support specialists

Juniper Networks SSL VPN SSO and OWA - SafeNet · Juniper Networks SSL VPN SSO and OWA with BlackShield Overview 3 Contact Information CRYPTOCard’s technical support specialists

Documents
EURECOM SSL VPN User’s guide · EURECOM SSL VPN user’s guide Page 2 Introduction . ... EURECOM SSL VPN user’s guide Page 7 Using CEGID Applications in the VPN (windows only)

EURECOM SSL VPN User’s guide · EURECOM SSL VPN user’s guide Page 2 Introduction . ... EURECOM SSL VPN user’s guide Page 7 Using CEGID Applications in the VPN (windows only)

Documents
Juniper Network Connect SSL VPN Client Windows Quick

Juniper Network Connect SSL VPN Client Windows Quick

Documents
Juniper Networks SA Series SSL-VPN Deployment Guide for the … · 2021. 1. 12. · Juniper Networks SA Series (Juniper SA) allows employees, partners, suppliers and contractors to

Juniper Networks SA Series SSL-VPN Deployment Guide for the … · 2021. 1. 12. · Juniper Networks SA Series (Juniper SA) allows employees, partners, suppliers and contractors to

Documents
SAMSUNG ENTERPRISE MOBILITY SOLUTIONS Pulse serves as an SSL VPN mobile user interface to the market-leading Juniper Networks SSL VPN solution, delivering secure, authenticated remote

SAMSUNG ENTERPRISE MOBILITY SOLUTIONS Pulse serves as an SSL VPN mobile user interface to the market-leading Juniper Networks SSL VPN solution, delivering secure, authenticated remote

Documents
Juniper VPN

Juniper VPN

Documents
Management Services SSL VPN Setup - SonicWall · 2020-04-15 · Management Services SSL VPN Setup Administration About SSL VPN 4 Benefits of SSL VPN NetExtender NetExtender provides

Management Services SSL VPN Setup - SonicWall · 2020-04-15 · Management Services SSL VPN Setup Administration About SSL VPN 4 Benefits of SSL VPN NetExtender NetExtender provides

Documents
SA Series SSL VPN Appliances (SA2500, SA4500, SA6500) · DATASHEET 1 Product Description The Juniper Networks® SA2500, SA4500, and SA6500 SSL VPN Appliances meet the needs of companies

SA Series SSL VPN Appliances (SA2500, SA4500, SA6500) · DATASHEET 1 Product Description The Juniper Networks® SA2500, SA4500, and SA6500 SSL VPN Appliances meet the needs of companies

Documents
FortiGate SSL VPN Guide

FortiGate SSL VPN Guide

Documents
DIGIPASS KEY series and smart card series for Juniper SSL VPN

DIGIPASS KEY series and smart card series for Juniper SSL VPN

Documents
SSL VPN - cisco.com · SSL VPN TheSSLVPNfeatureorWebVPNprovidessupportintheCiscoIOSsoftwareforremoteuseraccessto enterprisenetworksfromanywhereontheInternet.RemoteaccessisprovidedthroughaSecureSocket

SSL VPN - cisco.com · SSL VPN TheSSLVPNfeatureorWebVPNprovidessupportintheCiscoIOSsoftwareforremoteuseraccessto enterprisenetworksfromanywhereontheInternet.RemoteaccessisprovidedthroughaSecureSocket

Documents
Vpn SSL en Microsoft

Vpn SSL en Microsoft

Technology
DIGIPASS Authentication for Juniper SSL-VPN - VASCO · PDF file4.2.1 Authentication Servers ... 9 DIGIPASS Authentication for Juniper SSL-VPN DIGIPASS Authentication for Juniper SSL-VPN

DIGIPASS Authentication for Juniper SSL-VPN - VASCO · PDF file4.2.1 Authentication Servers ... 9 DIGIPASS Authentication for Juniper SSL-VPN DIGIPASS Authentication for Juniper SSL-VPN

Documents
Juniper Networks SSL VPN - SafeNet - The Data Protection Company

Juniper Networks SSL VPN - SafeNet - The Data Protection Company

Documents
One Time Password/Juniper multiple authentication methods ... · The Juniper Networks SA SSL-VPN Serie is supporting RADIUS accounting-session-id, attribute number 44 which means

One Time Password/Juniper multiple authentication methods ... · The Juniper Networks SA SSL-VPN Serie is supporting RADIUS accounting-session-id, attribute number 44 which means

Documents
AX Series with Juniper Networks SA Series SSL-VPN ... · Deployment Guide AX Series with Juniper Networks SA Series SSL-VPN Appliances Solution

AX Series with Juniper Networks SA Series SSL-VPN ... · Deployment Guide AX Series with Juniper Networks SA Series SSL-VPN Appliances Solution

Documents
Juniper L2 MPLS VPN

Juniper L2 MPLS VPN

Technology
Juniper® SSL VPN appliance Integration Guide

Juniper® SSL VPN appliance Integration Guide

Documents
| Copyright © 2009 Juniper Networks, Inc. | 1 ICE (In Case of Emergency) for SA Series SSL VPN Appliances Overview

| Copyright © 2009 Juniper Networks, Inc. | 1 ICE (In Case of Emergency) for SA Series SSL VPN Appliances Overview

Documents
ssl vpn presentation 2

ssl vpn presentation 2

Documents
Juniper VPN Ssg500

Juniper VPN Ssg500

Documents
Juniper Networks SA Series SSL-VPN Deployment Guide for the AX

Juniper Networks SA Series SSL-VPN Deployment Guide for the AX

Documents
DIGIPASS Authentication for Juniper SSL-VPN - VASCO · 2 DIGIPASS Authentication for Juniper SSL-VPN DIGIPASS Authentication for Juniper SSL-VPN Table of Contents Disclaimer

DIGIPASS Authentication for Juniper SSL-VPN - VASCO · 2 DIGIPASS Authentication for Juniper SSL-VPN DIGIPASS Authentication for Juniper SSL-VPN Table of Contents Disclaimer

Documents
Configuring Juniper Networks SSL VPN Security ... - Avaya · These Application Notes describe the steps to configure a Juniper Networks Secure Access SSL VPN appliance to support

Configuring Juniper Networks SSL VPN Security ... - Avaya · These Application Notes describe the steps to configure a Juniper Networks Secure Access SSL VPN appliance to support

Documents