It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure VPN Authentication for SMS PASSCODE

  • Last updated on

SMS PASSCODE offers strong authentication via SMS messaging on mobile phones. It provides out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, other IPsec and SSL VPN systems, as well as websites. Follow the steps in this article to configure VPN authentication for SMS PASSCODE.

Step 1. Enable RADIUS Authentication

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
  2. In the left menu, select RADIUS Authentication.
  3. Click Lock.
  4. From the Activate Scheme field, select Yes.
  5. In the Basic section, click + to add a RADIUS Server. The Basic configuration window opens.
  6. In the Radius Server Address field, enter the IP address of the IAS/NPS server as the SMS PASSCODE RADIUS authentication client.

    The Radius Server Key must match the Shared Secret on the server. The shared secret can consist of small and capital characters, numbers, and non-alpha-numeric symbols, except the hash sign (#).

  7. Click OK.
  8. Select Login-LAT-Group from the Group Attribute drop-down list.
  9. Next to the Group Attribute Delimiter field, select the Other check box.
  10. Enter ; as the the Group Attribute Delimiter.
  11. From the Group Attribute Usage list, select All.

    sms_p01.png

  12. Click Send Changes and Activate.

Step 2. Configure the Client-to-Site VPN

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > Client to Site.
  2. Click Lock.
  3. Click the External CA tab and then click the Click here for options link. The Group VPN Settings window opens.
  4. When using user/password authentication, select the External Authentication check box.
  5. From the Default Authentication Scheme list, select radius.
    sms_p02.png
  6. Click OK.
  7. Click Send Changes and Activate.

Step 3. Create a Group Policy

Create a Group Policy with the corresponding Group Policy Condition to allow access from the client. (For detailed information on how to create group policies, see Step 4 in How to Configure a Client-to-Site VPN Group Policy.)

It is possible to limit to Group Pattern (groups sent in the Login-LAT-Group attribute).

Group Policy Setup

gr_policy.png
Group Condition Setup

pol_cond.png

Step 4. Configure SMS PASSCODE

  1. Install and configure the RADIUS client according to the "SMS PASSCODE Administrator's Guide."
  2. From the Authentication tab in the SMS PASSCODE - Configuration Tool window, select Always from the Request Policies execution list in the Side-by-side section.
    See the following figure:
    sms_pass.jpg
  3. Open the Microsoft Windows Network Policy Server (IAS/NPS) and create a network policy. Open the policy and choose the Windows groups containing the users. 

    The user must be a member of the group. For more details, see the "SMS PASSCODE Administrator's Guide."

    pass_admin.jpg

  4. To send group names to the RADIUS client, configure the Login-LAT-Group attribute.
    lat_login.jpg