User's guide
Configuration – Security > Users > User n > Advanced
Allow this user to log in over a PPP network
Enabling this will allow the user to log in to the router using PPP. Disabling this will disable
PPP login for the user no matter what the user’s access level is.
Use this number x when PPP dial-back is required for this user
The telephone number for the user in the event that “dial-back” is required. If the username
that the remote router uses during the PPP authentication matches the username of the
user where a dial-back number is configured, the user’s dial-back number will override any
dial-back number configured in the answering PPP interface.
Alternate IKE Key / Confirm Alternate IKE Key
When IKE is the initiator, the responder-supplied HASH is checked using the normal
password (above) and, if that fails, the Alternate Key (here). The initiator remembers
which password was successful and uses that password to create the HASH if it becomes the
responder of some new negotiation. If IKE becomes a responder and IKE negotiations
fail after it has supplied the HASH, the other password will be used during the next negotiation.
Using this Alternate Key, it should be possible to configure new passwords into both ends of
a tunnel without too many failed negotiations. The process is to add the
Alternate Key into the remote router, then update the local router with the Alternate Key.
Once that has been done, the administrator can move the Alternate Key
to the usual location (Password) and remove the Alternate Key (newpwd) from the
configuration. Should a negotiation take place during the period where the Alternate Key
has been entered into the remote router, but not the local router, there should be no more
than one failed negotiation, and only if the remote router is the initiator.
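The fallback rule and key-change procedure described above, as a simplified model added here for illustration (it is not the router's firmware or the vendor's code). Assumptions: HMAC-SHA256 over a nonce stands in for the IKE HASH, the key strings are constructed, and the order in which the two routers move the Alternate Key into Password is chosen for the example.

```python
import hashlib, hmac, os

def ike_hash(key, nonce):                 # stand-in for the IKE HASH payload
    return hmac.new(key.encode(), nonce, hashlib.sha256).digest()

class Peer:
    def __init__(self, password, alt=None):
        self.password, self.alt = password, alt
        self.use_alt = False              # key used when acting as responder
    def responder_hash(self, nonce):
        key = self.alt if (self.use_alt and self.alt) else self.password
        return ike_hash(key, nonce)
    def verify_as_initiator(self, nonce, peer_hash):
        # Normal password first, then the Alternate Key; remember the winner.
        for is_alt, key in ((False, self.password), (True, self.alt)):
            if key and hmac.compare_digest(ike_hash(key, nonce), peer_hash):
                self.use_alt = is_alt
                return True
        return False
    def promote_alt(self):                # move Alternate Key into Password
        self.password, self.alt, self.use_alt = self.alt, None, False

def negotiate(initiator, responder):
    nonce = os.urandom(16)
    ok = initiator.verify_as_initiator(nonce, responder.responder_hash(nonce))
    if not ok and responder.alt:          # responder tries its other key next time
        responder.use_alt = not responder.use_alt
    return ok

def failures_until_success(initiator, responder, limit=5):
    for failed in range(limit):
        if negotiate(initiator, responder):
            return failed
    return limit                          # never succeeded within the limit

def rollover(old="old-psk", new="new-psk"):    # constructed sample keys
    local, remote = Peer(old), Peer(old)
    steps = [lambda: setattr(remote, "alt", new),   # Alternate Key on remote
             lambda: setattr(local, "alt", new),    # then on local
             local.promote_alt, remote.promote_alt] # assumed promotion order
    def worst_after(step):                # worst failure count, either direction
        step()
        return max(failures_until_success(local, remote),
                   failures_until_success(remote, local))
    return [worst_after(s) for s in steps]

def hard_cutover(old="old-psk", new="new-psk", limit=5):
    local, remote = Peer(new), Peer(old)  # no Alternate Key configured anywhere
    return failures_until_success(local, remote, limit)
```

`rollover()` reports the worst number of failed negotiations seen after each configuration step in this model, and `hard_cutover()` shows the same password change without an Alternate Key failing until the limit is reached.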
Remote Peer IP address
In certain circumstances, it may be desirable for a user connecting in over a PPP connection
to be allocated a specific IP address, rather than be allocated an address from a pool
configured on a PPP interface. When this parameter is configured, the IP address
negotiated on the PPP link will be this one, not an address from the regular IP address pool.
Remote Peer IP subnet
In the event that multiple PPP interfaces are enabled for answering and that multiple remote
routers can dial into the local router, static routes cannot always be used to ensure that
packets which should be routed to the remote network are sent through the correct PPP
interface. This parameter can be used in conjunction with the ‘Remote Peer IP subnet mask’
parameter to associate a network subnet with a user.
When a remote unit “connects in” and authenticates with the unit, the unit will then create a
dynamic route (that will override any static routes) for the duration of the PPP session. The
interface for the dynamic route will be the PPP interface that answered the call. The network
address for the dynamic route will be taken from the entry in the user table that matches
the username that the remote unit used during the PPP authentication.
Remote Peer IP subnet mask
The remote subnet mask parameter is used in conjunction with the ‘Remote Peer IP subnet’
parameter above to fully qualify the network address for the user.
Public Key file
The name of the file containing the public key for that user. If the public key matches the
client-supplied public key, the user is allowed access.