cancel
Showing results for 
Search instead for 
Did you mean: 

Management Interface Access Question

Highlighted
New Contributor

Management Interface Access Question

Hi everyone,

 

I'm trying to figure out how to enable the management interface url for the */ sign in page.  I know it should be possible I just can't figure out what piece I'm missing.

 

when I try to access it at https://x.x.x.x I get a splash screen that says "You do not have permission to login. Please contact your administrator"  I never get prompted for username / password ... nothing, just straight to this splash screen.

 

when I try to access it at https://x.x.x.x/admin I get the expected login page.

 

I've created a custom amin realm which is pointing to an ldap server for auth.  the auth policy is set to "allow users from any IP" and I've got the "Enable administrators to sign in on the Management Port" checked.

 

I've created a new sign-in page for users/administrators which the */ User URL is pointing to.

 

The reason I'm trying this is to test allowing customer access to the read only admin role while using their ldap server for authentication pn the management interface and still allowing those same accounts access to the VPN service on the production interface.

 

The IVE is running 7.3r6 VM-DTE version.

 

Thanks,

Mark

4 REPLIES 4
Highlighted
Super Contributor

Re: Management Interface Access Question

Hi Mark,

 

Admin  page cannot be accessed with */ url, you can use * /admin or create a new sign in policy for administrators with path */Radmins as an example and map it to the REALM that you created for admins.

 

Thanks,

Jay

Highlighted
Regular Contributor

Re: Management Interface Access Question

Can a standalone MAG management port be assigned with 2 IP addresses?
Highlighted
Valued Contributor

Re: Management Interface Access Question

Michael - you of course can only have one actual address on the physical interface (either internal or external) but you can use the virtual port capability (IE - Network / Internal I/F / Virtual Ports) to assign multiple addresses to the MAG box. It will answer to any of those addresses, the same as if you used the standard IP address.

 

Hope that answers your question. 

 

 

Highlighted
Contributor

Re: Management Interface Access Question

What account are you trying to use to access the management port? Last I checked, a user account could not login to the Management port. It only allowed access to admin account. I guess I could do some additional testing to very. You can create a read only account and allow the customer to login through the regualar internal or external port (whichever you are using) with the admin url. But they would only be able to see but not make any changes.