To create the new authentication scheme shared secret, follow the steps below: Step II - Create a new authentication scheme First, create a new authentication scheme, then configure the settings for your RADIUS server. You must now configure the Barracuda SSL VPN™ device to communicate with the ESA Server. Make sure that the check box next to Mobile Application is selected.ĮSA has now been configured to communicate with the Barracuda SSL VPN™ device.It is also recommended that you limit VPN access to a security group in the Users section. To prevent locking any existing, non-2FA enabled AD users out of your VPN we recommend that you allow Non-2FA users during the transitioning phase.In the Authentication section apply the settings shown in Figure 1-1 below.The shared secret is the RADIUS shared secret for the external authenticator that you will configure on your appliance.If your appliance communicates via IPv6, use that IP address along with the related scope ID (interface ID). The IP address is the internal IP address of your appliance. Configure the IP Address and Shared Secret for the Client so that they correspond to the configuration of your VPN appliance.Give the RADIUS client a memorable name for easy reference.Click the hostname, then click Create New Radius Client.Navigate to Components > RADIUS and locate the hostname of the server running the ESA RADIUS service.To allow the Barracuda SSL VPN™ device to communicate with your ESA Server, you must configure the device as a RADIUS client on your ESA RADIUS Server: The RADIUS protocol requires that access requests to RADIUS servers include the IP address for the RADIUS client (for example, the Barracuda SSL VPN™ device). If you wish to utilize other Client type, refer to generic description of Client types and verify with the vendor if the VPN appliance supports it.
This integration guide utilizes Client does not validate user name and password Client type for this particular VPN appliance.