Add a RADIUS gateway to allow PingOne to communicate with your RADIUS clients.
- Go to Connections > Gateways.
- Click the + icon.
- Enter the following and click Next:
  - Name: A name for the gateway. The name must be unique within the environment.
  - Gateway Type: Select RADIUS.
  - Description: (Optional). A brief description of the gateway.
- In the DaVinci Policy ID field, select the DaVinci Policy ID that you want to apply to the RADIUS gateway.
- If you want to define a Default Shared Secret, enter it here. If no default is defined, you must enter a Client Shared-Secret for each Client IP address that you add.
  Note:
  - The RADIUS server authentication port is 1812.
  - For security reasons, you should rotate the shared secret at least once a year.
- Optional: The RADIUS gateway uses the PAP protocol by default. To use the MSCHAPv2 protocol, configure the RADIUS gateway to work with your Network Policy Server (NPS):
  - Select the Use RADIUS Remote Network Policy Server check box.
  - Enter the relevant NPS Server IP and Server port.
  Note: Because validation of the client IP shared secret is performed on the RADIUS gateway side and the NPS side, you must make sure the shared secret on the client matches the shared secret on the endpoint NPS.
- In the RADIUS clients area, for each client that you want to add:
  - Click Add Client.
  - In the new row, enter the Client IP address of the VPN server or remote access system and the Client Shared Secret. If the Client Shared Secret field is left empty, the Default Shared Secret is used.
- Click Save.
  You can see the new gateway in the Gateways list. PingOne generates a gateway credential, which the gateway uses to authenticate with PingOne.
  Important: A gateway credential is like a password, so keep it protected. For security reasons, PingOne does not store the generated gateway credentials, but you can always create a new one in the PingOne console. Multiple gateway instances can use the same gateway credential.
- Copy the credential and paste it to a secure location. You'll use the credential later when starting a gateway instance.
- Optional: Click Show me the Docker command and copy it to a secure location.
- Click Done.
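
How the shared secret from the steps above is used on the wire with the default PAP protocol, as an added example that is not part of the PingOne documentation or its gateway code: it follows RFC 2865 (User-Password hiding and the Response Authenticator), and shows that a client whose secret differs from the gateway's yields an unusable password and an unverifiable reply. The user name, password, and secrets are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def _mask_blocks(data: bytes, secret: bytes, request_auth: bytes, hiding: bool) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(block, mask))
        prev = xored if hiding else block  # always chain on the ciphertext block
        out += xored
    return out

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    if not 0 < len(password) <= 128:
        raise ValueError("PAP password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to 16-byte blocks
    return _mask_blocks(padded, secret, request_auth, hiding=True)

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """What the receiving side recovers with the secret it has on file for the client IP."""
    return _mask_blocks(hidden, secret, request_auth, hiding=False).rstrip(b"\x00")

def build_access_request(user, password, secret, ident, request_auth=None) -> bytes:
    request_auth = request_auth or os.urandom(16)  # Request Authenticator
    hidden = hide_password(password, secret, request_auth)
    # Attribute 1 = User-Name, attribute 2 = User-Password (type, length, value)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def response_is_authentic(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(code+id+length + RequestAuth + attributes + secret)."""
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":
    client_secret = b"constructed-client-secret"   # constructed sample value
    gateway_secret = b"constructed-other-secret"   # deliberately mismatched
    pkt = build_access_request(b"alice", b"correct horse battery", client_secret, ident=7)
    auth, hidden = pkt[4:20], pkt[-32:]
    print(reveal_password(hidden, client_secret, auth))   # matching secret
    print(reveal_password(hidden, gateway_secret, auth))  # mismatch yields garbage
```

Because the password is protected only by MD5 keyed with the shared secret, the secret's length and randomness determine how well PAP credentials are protected in transit between the RADIUS client and the gateway.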