Compatible Systems Enterprise-8, A00-1869 Setting up SecurID Authentication, ACE/Server Settings


Chapter 6 - Basic Configuration Guide


Setting up SecurID Authentication

If you are using Security Dynamics’ ACE/Server software for user authentication, you must set up the IntraPort Enterprise-8 to communicate with the ACE/Server.

The Security Dynamics ACE/Server software performs dynamic two-factor SecurID authentication. Dynamic two-factor authentication combines something the user knows – a memorized personal identification number (PIN) – with something the user possesses – a SecurID token which generates an unpredictable code every 60 seconds. This combination of PIN and SecurID tokencode represents a one-time PASSCODE and is transmitted to the ACE/Server software for verification. See Appendix C for information on how to obtain ACE/Server software and SecurID tokens.

To use ACE/Server software with the IntraPort Enterprise-8, you will need the following:

ACE/Server software running on a supported platform (see the ACE/Server Installation Guide or README document for a current list of ACE/Server-supported platforms and other server requirements)

The VPN Client software, which functions as an ACE/Agent, running on a supported platform

SecurID tokens, distributed to appropriate personnel who will use them to access the ACE/Server-protected ACE Agents, including the VPN Client

Setting the IntraPort Enterprise-8 for an ACE/Server

Just a few basic settings are required for the IntraPort Enterprise-8 to communicate with an ACE/Server.

SecurID on

Encryption method

ACE/Server IP address

Enable SecurID for a group of IntraPort users

CV: Use the SecurID Configuration Dialog Box (under Global/SecurID) to enable SecurID and set the encryption method and server address.

Use the SecurID tab in the VPN Group Configuration Dialog Box to enable SecurID for a group of users.

TB: Use the configure command and set the Enabled, EncryptMeth and PrimaryServer keywords in the SecurID section, then set the SecurIDRequired keyword in a VPN Group Name section.

ACE/Server Settings

To configure the ACE/Server for communication with the IntraPort Enterprise-8, consult the ACE/Server Installation Guide. You should consult the ACE/Server Administration Manual on the ACE/Server CD-ROM for instructions on adding and removing users in the ACE/Server database.

Note: The IntraPort Enterprise-8 should be configured as a communication server in the Client Type pull-down menu in the ACE/Server’s Add Client dialog box (under Client/Add Client).

Note: The first time the IntraPort Enterprise-8 contacts the ACE/Server, they exchange a secret based in part on the IntraPort’s IP address. After the first exchange, the Sent Node Secret checkbox in the ACE/Server’s Add Client dialog box (which can be accessed using the Add Client option under the Client menu) will be checked. The checkbox will be grayed out until this initial exchange has taken place. Any major changes to the IntraPort Enterprise-8’s configuration (such as changing its IP address) will mean that the IntraPort and the ACE/Server will no longer be able to communicate. To get around this, simply uncheck the Sent Node Secret checkbox on the ACE/Server and issue the reset securid secret command in the IntraPort. Remember to save the changes to both devices. The two devices will do a new secret exchange and will be able to communicate again.
