HP-UX AAA Server A.08.00.01 Administrator's Guide
24 VPN Tunneling
Tunneling involves access to a server that provides secure intranet or other network
functionality through a dial-up or Internet connection from a client workstation. This
process can be categorized as one of two types: voluntary or compulsory. Some
applications, such as secure access to corporate intranets through the Internet, are
characterized by voluntary tunneling, where users create the tunnel through client
software at their workstation. These tunnels are created independently of the AAA
server.
Compulsory VPN tunnels are established by returning tunneling attributes to the access
device. The HP-UX AAA Server supports tagged attributes that can be used to specify
tunneling alternatives, in the event that the access device cannot establish the preferred
tunnel configuration.
NOTE: How you configure the server to handle hints in the Access-Request may also affect how, or whether, the tunnel is established.
Establishing a Tunnel for a User
• If the user profile is stored in a AAA server users file, select the Free tab from the Modify User screen and then add the tunneling attributes that will define the tunnel.
• If the user profile is stored in an LDAP LDIF file, add the attributes to the profile, following the aaaReply: Tunneling-Attribute = Value syntax.
• If you want to specify alternative tunnels, use tagged attributes with the Tunneling-Attribute =:Tag-no:Value syntax. Each set of attributes that establishes one of the possible tunnels should be tagged with the same Tag-no. The order in which the access device should consider the tunnel alternatives is specified with the Tunnel Preference attribute. In the following example, the access device will establish a tunnel according to the attributes tagged with 1, since that group has Tunnel Preference set to “first”; if the access device cannot establish the tunnel with those attributes, it will use the alternative tagged with 2 (Tunnel Preference of “second”).
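The following is an added example, not part of the guide: it parses a profile written in the aaaReply: Tunneling-Attribute =:Tag-no:Value syntax described above, groups the attributes by Tag-no, orders the alternatives by Tunnel-Preference, and flags any tag group that lacks an attribute needed to define a tunnel. The attribute names follow RFC 2868 (whether they match the server dictionary's spelling exactly is an assumption), the numeric preference values are assumed (lower is tried first), and the sample profile is constructed.

```python
import re
from collections import defaultdict

# Constructed sample LDIF-style profile with two tagged tunnel alternatives
# and one untagged reply attribute. Attribute names follow RFC 2868;
# matching the server dictionary spelling exactly is an assumption.
SAMPLE_PROFILE = """
aaaReply: Tunnel-Type =:1:L2TP
aaaReply: Tunnel-Medium-Type =:1:IPv4
aaaReply: Tunnel-Server-Endpoint =:1:192.0.2.10
aaaReply: Tunnel-Preference =:1:1
aaaReply: Tunnel-Type =:2:PPTP
aaaReply: Tunnel-Medium-Type =:2:IPv4
aaaReply: Tunnel-Server-Endpoint =:2:192.0.2.20
aaaReply: Tunnel-Preference =:2:2
aaaReply: Framed-Protocol = PPP
"""

# Matches only tagged attributes: "aaaReply: Attr =:Tag:Value".
TAGGED = re.compile(r"^aaaReply:\s*(?P<attr>[\w-]+)\s*=:(?P<tag>\d+):(?P<val>.+?)\s*$")

# Minimum set needed for an access device to bring up a compulsory tunnel.
REQUIRED = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Server-Endpoint")


def parse_tunnel_groups(profile):
    """Return {tag: {attribute: value}} for every tagged tunnel attribute."""
    groups = defaultdict(dict)
    for line in profile.splitlines():
        m = TAGGED.match(line.strip())
        if m:
            groups[int(m["tag"])][m["attr"]] = m["val"]
    return dict(groups)


def ordered_alternatives(groups):
    """Tags in the order the access device should try them: lowest
    Tunnel-Preference first (assumed RFC 2868 semantics; missing = last)."""
    return sorted(groups, key=lambda t: int(groups[t].get("Tunnel-Preference", 255)))


def check_groups(groups):
    """List tag groups that are missing an attribute required to define a tunnel."""
    problems = []
    for tag, attrs in sorted(groups.items()):
        for req in REQUIRED:
            if req not in attrs:
                problems.append(f"tag {tag}: missing {req}")
    return problems
```

Running check_groups over a profile before deploying it catches an incomplete alternative that the access device would otherwise silently skip, leaving the user on a less preferred tunnel or none at all.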