SMS PASSCODE offers strong authentication via SMS messaging on mobile phones. It provides out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, other IPsec and SSL VPN systems as well as websites. Follow the steps in this article to configure VPN authentication for SMS PASSCODE.
Step 1. Enable RADIUS Authentication
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left menu, select RADIUS Authentication.
- Click Lock.
- From the Activate Scheme field, select Yes.
In the Radius Server Address field, enter the IP address of the IAS/NPS server as the SMS PASSCODE RADIUS authentication client.
Click Send Changes and Activate .
Step 2. Configure the Client-to-Site VPN
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > Client to Site.
- Click Lock.
- Click the External CA tab and then click the Click here for options link.
- In the Group VPN Settings window, select the External Authentication check box.
- From the Authentication Scheme list, select radius.
- Click OK.
- Click Send Changes and Activate.
Step 3. Create a Group Policy
Create a Group Policy with the corresponding Group Policy Condition to allow access from the client.
Group Policy Setup
Group Condition Setup
Step 4. Configure SMS PASSCODE
- Install and configure the RADIUS client according to the "SMS PASSCODE Administrator's Guide."
- From the Authentication tab in the SMS PASSCODE - Configuration Tool window, select Always from the Request Policies execution list in the Side-by-side section.
See the following figure: Open the Microsoft Windows Network Policy Server (IAS/NPS) and create a network policy. Open the policy and choose the Windows groups containing the users.
- To send group names to the RADIUS client, configure the Login-LAT-Group attribute.