Using RADIUS Servers for Authentication and Authorization

• Type is the vendor-assigned attribute number.
• Attribute name is the type of attribute name that is defined in IAS. The default name is CTXSUserGroups=.
• Separator is defined if multiple user groups are included in the RADIUS configuration. A separator can be a space, a period, a semicolon, or a colon.

To configure IAS so the Firebox SSL VPN Gateway can use RADIUS authorization, follow the steps below. These steps assume that IAS is installed from the Add/Remove Programs Control Panel. For more information about installing IAS, see Windows Help.

To configure Microsoft Internet Authentication Service for Windows 2000 Server

1 Open the Microsoft Management Console (MMC) by clicking Start > Run.
2 In Open, type MMC.
3 In the MMC console, on the File menu, click Add/Remove Snap-in.
4 Click Add and in the Add/Remove Snap-in dialog box, select Internet Authentication Service and click Add.
5 Select Local computer and click Finish.
6 Click Close and then click OK.
7 Right-click Remote Access Policies and then click New Remote Access Policy.
8 Select Set up a custom policy.
9 In Policy name, give the policy a name and click Next.
10 Under Policy Conditions, click Add, select Windows-Groups, and click Add.
11 In Select Groups, click Add, and then type the name of the group.
12 A summary of conditions to match the policy is shown. To add more conditions, click Add, otherwise, click Next.
13 In the Edit Dial-In Profile dialog box, on the Authentication tab, select Encrypted Authentication (CHAP) and Unencrypted Authentication (PAP, SPAP).

   Note
   Password Authentication Protocol (PAP) is an authentication protocol that allows Point-to-Point Protocol (PPP) peers to authenticate one another. PAP passes the password and host name or user name unencrypted. PAP does not prevent unauthorized access but identifies the remote end.

14 Clear Microsoft Encrypted Authentication version 2 (MS-CHAP v2) and Microsoft Encrypted Authentication (MS-CHAP).
15 Click OK.

   The Firebox SSL VPN Gateway needs the Vendor-Specific Attribute to match the users defined in the group on the server with those on the Firebox SSL VPN Gateway. This is done by sending the Vendor-Specific Attributes to the Firebox SSL VPN Gateway.

16 In the Edit Dial-in Profile dialog box, click the Advanced tab.
17 Click Add.
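
The three Vendor-Specific Attribute settings described above (type, attribute name, separator) determine how group names are read out of a RADIUS reply. The following is an added example, not code from this guide or from the product: it parses the standard RFC 2865 Vendor-Specific attribute layout and extracts the groups, which is useful for checking a captured reply against the configured values. The vendor ID, vendor type and sample bytes are constructed placeholders, and the helper names are hypothetical.

```python
import struct

VSA_TYPE = 26  # RADIUS Vendor-Specific attribute (RFC 2865, section 5.26)

def parse_vsa_groups(attrs, vendor_id, vendor_type,
                     prefix="CTXSUserGroups=", separator=";"):
    """Return group names from the matching vendor sub-attribute."""
    if separator not in (" ", ".", ";", ":"):
        raise ValueError("separator must be space, period, semicolon or colon")
    groups, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE or len(body) < 4:
            continue  # not a Vendor-Specific attribute
        (vid,) = struct.unpack("!I", body[:4])
        if vid != vendor_id:
            continue  # another vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            s_type, s_len = sub[i], sub[i + 1]
            if s_len < 2 or i + s_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            value = sub[i + 2:i + s_len].decode("ascii", "replace")
            i += s_len
            # "Type" and "Attribute name" must both match the gateway settings.
            if s_type == vendor_type and value.startswith(prefix):
                groups += [g for g in value[len(prefix):].split(separator) if g]
    return groups

def build_vsa(vendor_id, vendor_type, text):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vendor_type, len(text) + 2]) + text.encode("ascii")
    return bytes([VSA_TYPE, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample values (placeholders, not taken from the guide).
SAMPLE_VENDOR_ID = 99999
SAMPLE_VENDOR_TYPE = 1
# Constructed attribute list: a Reply-Message (type 18) followed by the VSA.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + build_vsa(
    SAMPLE_VENDOR_ID, SAMPLE_VENDOR_TYPE, "CTXSUserGroups=Sales;Engineering")

if __name__ == "__main__":
    print(parse_vsa_groups(SAMPLE_ATTRS, SAMPLE_VENDOR_ID, SAMPLE_VENDOR_TYPE))
```

If the separator configured on the gateway differs from the one used in the IAS attribute value, the whole string is treated as a single group name and no group policy will match.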