We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

Attention

This Firmware Version Is Going End-Of-Support
As of 1st March 2019, all new sales for the Barracuda SSL VPN product will cease. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time. 1st March 2020: All Barracuda SSL VPN sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires.

How to Configure Entrust IdentityGuard Authentication

  • Last updated on
The Barracuda SSL VPN can authenticate users with login information from Entrust IdentityGuard servers. When configured, the Java based RADIUS client sends authentication requests to the IdentityGuard server and allows access to the Barracuda SSL VPN unit based upon a success or failure message returned by the server. Specify the Barracuda SSL VPN as a RADIUS client on the IdentityGuard server, configure the RADIUS server settings on the Barracuda SSL VPN and set up a RADIUS authentication scheme for your users.

Before you begin

You must have your IdentityGuard server configured to accept RADIUS requests from the Barracuda SSL VPN. To do this, specify the Barracuda SSL VPN IP address as a RADIUS client on the server.

Step 1. Configure the RADIUS server

  1. Open the Management System > ACCESS CONTROL > Configuration page.
  2. Enter the following information in the RADIUS section:

    • RADIUS Server – Enter the hostname or IP address of the IdentityGuard server.

    • Authentication Port – Enter 1812.

    • Shared Secret – Enter the shared secret. This passphrase must be configured on the IdentityGuard server.

    • Authentication Method – Select PAP.

    • Reject Challenge – Disable in order to receive additional RADIUS prompts such as change PINs prompts.
      id_guard01.png

  3. Click Save Changes.

Step 2. Create an authentication scheme

  1. Go to the Manage System > ACCESS CONTROL > Authentication Schemes page.
  2. Create an authentication scheme which contains the RADIUS module (select RADIUS, click Add). You may add more modules if you wish to have multi factor authentication.
  3. Select a policy which will be able to use this authentication (e.g. Everyone) and click Add.
    id_guard02.png
  4. Click Add.

The new scheme is now listed in the Authentication Schemes section, this may be set as the default module by clicking More.. next to the entry and choosing Increase Priority until it appears at the top of the list.

id_guard03.png

Step 3. Test the IdentityGuard authentication

To log into the Barracuda SSL VPN using Entrust IdentityGuard authentication, create a user account to match the RADIUS login name. Alternatively, if you are using an Active Directory or LDAP server, ensure this account exists on the user database. To create a new user account,

  1. Go to the Manage System > ACCESS CONTROL > Accounts page.
  2. Enter a username and password and click Add.

To test the authentication, log in as the user:

  1. Enter the username and click Login.
    id_guard05.png
  2. Enter the password and click Login.
  3. Work out the passcode based on the grid.

You are now logged into the Barracuda SSL VPN.

Last updated on