[vpn-help] VPN Access without Router Access on Adtran NetVanta 3448

Dennis Seger dseger at rebit.com
Mon Oct 10 09:27:57 CDT 2011


As a new admin of both Shrewsoft VPN client and Adtran routers, I'm hoping you can provide some guidance.

The setup is:
Shrewsoft client 2.1.7 for Windows
Adtran NetVanta 3448 Router (latest FW)

The issue I need assistance with is that when I follow the Shrew.net how-to instructions for Adtran NetVanta setup, it results in the VPN users having both VPN access and full admin access to the router.

The Adtran config does have 'portal-lists' which allow control over which management interfaces (http, ssh, telnet, etc.) a user can use.  But I found that if I assign any type of portal-list configuration to a user, they can no longer make a VPN connection due to 'authentication failed'.  It only works if portal-list is set to 'none'.  I would like to maintain a dual-password (x-auth) security scheme (currently using preshared key and local Adtran user).

I asked Adtran support about this issue and they said that the workaround is to use Radius authentication for VPN users rather than the 'local user' list (local and radius are the only choices).  My client does not have a radius server and I'd like to avoid adding another network service just for VPN authentication if possible.

Does anyone have suggestions or experience with allowing VPN access without also allowing router management access on NetVanta routers?

Thanks - Dennis S


