How to use RSA SecurID Authentication with a Client VPN tunnel

Article:TECH84070  |  Created: 2005-01-30  |  Updated: 2007-01-02  |  Article URL http://www.symantec.com/docs/TECH84070
Article Type
Technical Solution


Issue



You need to configure your firewall to use SecurID to authenticate client VPN connections.




Solution



To configure your security gateway to use SecurID for authentication of Client VPN tunnels, you must perform the following tasks:
  • Configure the RSA SecurID authentication server record
  • Configure the authentication scheme
  • Apply SecurID Authentication to the VPN user group
To configure the RSA SecurID authentication server record
  1. In the Security Gateway Management Interface (SGMI), in the left pane, under Assets, click Authentication Servers.
  2. In the right pane, on the Authentication Server tab, click New > RSA SecurID.
  3. In the RSA SecurID Properties dialog box, on the General tab, configure the following attributes:
    Name:  Type a unique name for the authentication server.
    ACE Server Interface:  Choose the security gateway network interface closest to the RSA SecurID server.
    sdConfData:  Upload the sdconf.rec file from the RSA SecurID server.
  4. Click OK.
To configure the authentication scheme
  1. In the SGMI, in the left pane, under Assets, click Authentication Servers.
  2. In the right pane, on the Schemes tab, click New.
  3. In the Scheme Properties dialog box, in the Name text box, type a unique name for the authentication scheme.
  4. In the list of authentication server records, next to the RSA SecurID record that you created, check Authentication.
    Do not check Group Information.
  5. Click OK.
To apply SecurID Authentication to the VPN user group
  1. In the SGMI, in the left pane, under Assets, click Users.
  2. On the User Groups tab, double-click the user group that contains your VPN users.
  3. In the user group properties, on the VPN Authentication tab, configure the following attributes:
    Authentication Scheme:  Choose the authentication scheme that you configured for SecurID authentication.
    User Binding:  No Binding
    Enforce Group Binding:  Unchecked
  4. In the SGMI, on the toolbar, click the Activate icon.
    When you are asked to save your changes, click Yes.



References
RSA SecurID Ready Implementation Guide





Legacy ID



2005123008543954

