[j-nsp] Vpn with rsa

sunnyday cscosunny at gmail.com
Thu Jul 17 05:18:05 EDT 2008


I don't understand how to assign remote settings; Shrew Soft only has XAuth,
not Auth, as an option. I have tried it from trust to untrust with
authentication applied on the policy for a specific user,
and when he requested internet service he got a prompt to enter username and
password. I entered the username I have configured in the RSA server and the
token code as password and it worked.
The problem is with the VPN authentication; I'm confused about the way the
authentication occurs. (Do I have to configure a local user? If I don't, how
will he receive an IP address?) I even put the RSA server in the
"authentication" of the VPN policy "Untrust to Trust" and got nothing. I would
really appreciate it if you could help me out here.

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at gmail.com] 
Sent: Wednesday, July 16, 2008 5:38 PM
To: sunnyday
Cc: Juniper-Nsp; nn at compsoc.com
Subject: Re: [j-nsp] Vpn with rsa

Whoops, sorry I forgot to mention that you can use an IKE/XAuth
account as well.  Yep, if you've got it already set up, you should
just be able to forward the authentication requests toward the RSA
server as opposed to the local database and you should be good to go.

As I mentioned before however, the SecurID cannot assign remote
settings to an L2TP or an XAuth user, so if you intend on assigning
any remote settings, you are probably better off using an Auth user
for this purpose.

Good luck!

On Wed, Jul 16, 2008 at 10:21 AM, sunnyday <cscosunny at gmail.com> wrote:
> I have a working IPsec VPN with XAuth. I use the Shrew Soft VPN client. Can
> I just forward the requests to the RSA authentication manager instead of the
> local database?
> I tried it but with luck.
>
>
> -----Original Message-----
> From: Stefan Fouant [mailto:sfouant at gmail.com]
> Sent: Wednesday, July 16, 2008 5:17 PM
> To: sunnyday
> Cc: Juniper-Nsp; nn at compsoc.com
> Subject: Re: [j-nsp] Vpn with rsa
>
> For dial-up VPN applications, you can configure an Auth or L2TP user
> and authenticate them against the SecurID database.  I would recommend
> configuring an Auth user as the SecurID cannot assign remote settings
> to an L2TP user.  Once you've configured your Auth user account and
> set up authentication against the SecurID server, it's really just a
> simple matter of specifying the Auth user in the IKE Phase 1 profile.
>
> For more information, you are really going to need to dig into the
> manuals.  The "ScreenOS Concepts and Examples Guide Volume 9: User
> Authentication" should provide you an ample starting point.
>
> HTHs.
>
> On Wed, Jul 16, 2008 at 3:52 AM, sunnyday <cscosunny at gmail.com> wrote:
>> I need to configure (if possible) a VPN with RSA authentication. I have some
>> tokens which generate the token codes and have set up the SecurID server.
>>
>> I already have an IPsec VPN. I need to know what steps to take to use RSA
>> tokens to authenticate when requesting access to the VPN.
>>
>> Any help appreciated.
>>
>> Thank you
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
>
>



-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


