Chapter 4 Create Secure Connections Across the Internet
ZyWALL USG 20-2000 User’s Guide
93
1
Install the SafeWord 2008 authentication server software on a computer.
2
Create user accounts on the ZyWALL and in the SafeWord 2008 authentication server.
3
Import each ZyWALL OTPv2 token’s database file (located on the included CD) into the server.
4
Assign users to ZyWALL OTPv2 tokens on the server.
5
Configure the SafeWord 2008 authentication server as a RADIUS server in the ZyWALL’s
Configuration > Object > AAA Server
screens.
6
Configure the appropriate authentication method object to use the SafeWord 2008 authentication
server RADIUS server object.
7
Configure Auth. Policy and VPN to use the authentication method object.
8
Give the ZyWALL OTPv2 tokens to the assigned users.
9
A user presses his ZyWALL OTPv2 token’s button to generate a password to enter in the
Login
screens’
One-Time Password
field.
4.7.1 What Can Go Wrong
• Users cannot log in if they try to re-use a password that they have already used to log in. Users
must generate a new password for each login.
• Authentication fails if the SafeWord 2008 authentication server goes down, loses its network
connection, or is too busy. Users can try again a little later.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
