How to use RSA SecurID Authentication with a Client VPN tunnel
|Article:TECH84070|||||Created: 2005-01-30|||||Updated: 2007-01-02|||||Article URL http://www.symantec.com/docs/TECH84070|
You need to configure your firewall to use SecurID to authenticate client VPN connections.
Using SecurID Authentication with a Client VPN tunnel You need to configure your firewall to use SecurID to authenticate client VPN connections.
To configure your security gateway to use SecurID for authentication of Client VPN tunnels, you must perform the following tasks:
- Configure the RSA SecurID authentication server record
- Configure the authentication scheme
- Apply SecurID Authentication to the VPN user group
- In the Security Gateway Management Interface (SGMI), in the left pane, under Assets, click Authentication Servers.
- In the right pane, on the Authentication Server tab, click New > RSA SecurID.
- In the RSA SecurID Properties dialog box, on the General tab, configure the following attributes:
Name: Type a unique name for the authentication server.
ACE Server Interface: Choose the security gateway network interface closest to the RSA SecurID server.
sdConfData: Upload the sdconf.rec file from the RSA SecurID server.
- Click OK.
- In the SGMI, in the left pane, under Assets, click Authentication Servers.
- In the right pane, on the Schemes tab, click New.
- In the Scheme Properties dialog box, in the Name text box, type a unique name for the authentication scheme.
- In the list of authentication server records, next to the RSA SecurID record that you created, check Authentication.
Do not check Group Information.
- Click OK.
- In the SGMI, in the left pane, under Assets, click Users.
- On the User Groups tab, double-click the user group which contains your VPN users.
- In the user group properties, on the VPN Authentication tab, configure the following attributes:
Authentication Scheme: Choose the authentication scheme you configured for SecurID authentication
User Binding: No Binding
Enforce Group Binding: Unchecked
- In the SGMI, on the toolbar, click the Activate icon.
When you are asked to save your changes, click Yes.
RSA SecurID Ready Implementation Guide
Article URL http://www.symantec.com/docs/TECH84070