Authentication Server
When a Road Warrior IPsec client that requires RADIUS authentication establishes an IPsec tunnel to an Ingate Firewall, it only gets access to an authentication server in the firewall. The user must connect to it (using a web browser) and authenticate himself. Once that is done, rules and relays are set up properly.
This means that there must be a row in the IPsec tunnel containing the authentication server on the Local side, or the RADIUS authentication won't work.
When you want to disconnect, you should log out from the authentication server using the web browser. This will create a blacklisting of this IP address, which means that you will not be able to contact the firewall during the blacklist period. A result of the blacklist is that you will not receive any Logout succeeded message when the Log out button is pressed, since the firewall is blocking all traffic to the client.
If you do not log out, only disconnect, the firewall eventually will detect that the IPsec client is unreachable. The user is then logged off. This is done when the firewall tries to negotiate a new IPSec key. The IPSec key lifetime should be rather short because of this.
IP address and port of authentication server
Select the IP address and port that the IPsec users should use to identify themselves for the RADIUS server. You cannot select the same combination of IP address and port as is used for configuring the firewall.
Use this certificate for the authentication server
The authentication server is contacted via HTTPS (HTTP over TLS). To use TLS, the server must have an X.509 certificate, which works as an ID card, identifying the server to your web browser. This will ensure that you are really communicating with your server and not somebody else's computer. TLS uses an encryption method using two keys, one secret and one public. The secret key is kept in the server and the public key is used in the certificate. If any of the keys is changed, the TLS connection won't work.
Select which of the firewall certificates to use for road warrior RADIUS authentication. The certificates are created on the Certificates page.
Save
Saves the Authentication Server configuration to the preliminary configuration.
Undo
Reverts all of the above fields to their previous configuration.