[j-nsp] Vpn with rsa

Stefan Fouant sfouant at gmail.com
Wed Jul 16 10:37:31 EDT 2008


Whoops, sorry I forgot to mention that you can use an IKE/XAuth
account as well.  Yep, if you've got it already set up, you should
just be able to forward the authentication requests toward the RSA
server as opposed to the local database and you should be good to go.

As I mentioned before however, the SecurID cannot assign remote
settings to an L2TP or an XAuth user, so if you intend on assigning
any remote settings, you are probably better off using an Auth user
for this purpose.

Good luck!

On Wed, Jul 16, 2008 at 10:21 AM, sunnyday <cscosunny at gmail.com> wrote:
> I have a working IPsec VPN with XAuth. I use the Shrew Soft VPN client. Can
> I just forward the requests to the RSA Authentication Manager instead of the
> local database?
> I tried it but with luck.
>
>
> -----Original Message-----
> From: Stefan Fouant [mailto:sfouant at gmail.com]
> Sent: Wednesday, July 16, 2008 5:17 PM
> To: sunnyday
> Cc: Juniper-Nsp; nn at compsoc.com
> Subject: Re: [j-nsp] Vpn with rsa
>
> For dial-up VPN applications, you can configure an Auth or L2TP user
> and authenticate them against the SecurID database.  I would recommend
> configuring an Auth user as the SecurID cannot assign remote settings
> to an L2TP user.  Once you've configured your Auth user account and
> set up authentication against the SecurID server, it's really just a
> simple matter of specifying the Auth user in the IKE Phase 1 profile.
>
> For more information, you are really going to need to dig into the
> manuals.  The "ScreenOS Concepts and Examples Guide Volume 9: User
> Authentication" should provide you an ample starting point.
>
> HTHs.
>
> On Wed, Jul 16, 2008 at 3:52 AM, sunnyday <cscosunny at gmail.com> wrote:
>> I need to configure (if possible) a VPN with RSA authentication. I have some
>> tokens which generate the token codes and have set up the SecurID server.
>>
>> I already have an IPsec VPN. I need to know what steps to take to use RSA
>> tokens to authenticate when requesting access to the VPN.
>>
>> Any help appreciated.
>>
>> Thank you
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
>
>



-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D

