We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VPN Authentication for SMS PASSCODE

  • Last updated on

SMS PASSCODE offers strong authentication via SMS messaging on mobile phones. It provides out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, other IPsec and SSL VPN systems as well as websites. Follow the steps in this article to configure VPN authentication for SMS PASSCODE.

Step 1. Enable RADIUS authentication

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service .
  2. In the left menu, select RADIUS Authentication .
  3. Click  Lock .
  4. From the Activate Scheme field, select Yes .
  5. In the  Radius Server Address  field, enter the IP address of the IAS/NPS server as the SMS PASSCODE RADIUS authentication client.

    The Radius Server Key must match the Shared Secret on the server.

  6. Click Send Changes and Activate .

Step 2. Configure the client-to-site VPN

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > Client to Site.
  2. Click Lock.
  3. Click the External CA tab and then click the Click here for options link.
  4. In the Group VPN Settings window, select the External Authentication check box.
  5. From the Authentication Scheme list, select radius.
  6. Click OK.
  7. Click Send Changes and Activate.

Step 3. Create a group policy

Create a Group Policy with the corresponding Group Policy Condition to allow access from the client.

It is possible to limit to Group Pattern (groups sent in the Login-LAT-Group attribute).

Group policy setup
gr_policy.jpg
Group condition setup

pol_cond.jpg

Step 4. Configure SMS PASSCODE

  1. Install and configure the RADIUS client according to the "SMS PASSCODE Administrator's Guide."
  2. From the Authentication tab in the SMS PASSCODE - Configuration Tool window, select Always from the Request Policies execution list in the Side-by-side section.
    See the following figure:
    sms_pass.jpg
  3. Open the Microsoft Windows Network Policy Server (IAS/NPS) and create a network policy. Open the policy and choose the Windows groups containing the users. 

    The user must be a member of the group. For more details, see the "SMS PASSCODE Administrator's Guide."

    pass_admin.jpg

  4. To send group names to the RADIUS client, configure the Login-LAT-Group attribute.
    lat_login.jpg
Last updated on