54 Chapter 7 - Alternate Protocols and Security Parameters
Setting the IntraPort for an ACE/Server Just a few basic settings are required for the IntraPort to communicate
with an ACE/Server.
• SecurID on
• Encryption method
• ACE/Server IP address
• Enable SecurID for a group of IntraPort users
CV: Use the SecurID Configuration Window (under Global/SecurID
Configuration) to set up a server. Use the SecurID tab in the VPN
Group Configuration Window to enable SecurID for a VPN
group.
TB: Use the configure command and set the Enabled, EncryptMeth
and PrimaryServer keywords in the SecurID section, then set
the SecurIDRequired keyword in a VPN Group Name section.
ACE/Server Settings To configure the ACE/Server for communication with the IntraPort,
consult the ACE/Server Installation Guide. You should consult the
ACE/Server Administration Manual on the ACE/Server CD-ROM for
instructions on adding and removing users in the ACE/Server database.
v Note: The IntraPort should be configured as a communication server
in the Client Type pull-down menu in the ACE/Server’s Add Client
dialog box (under Client>Add Client).
v Note: The first time the IntraPort contacts the ACE/Server, they
exchange a secret based in part on the IntraPort’s IP address.
After the first exchange, the Sent Node Secret checkbox in the
ACE/Server’s Add Client dialog box (which can be accessed using
the Add Client option under the Client menu) will be checked. The
checkbox will be grayed out until this initial exchange has taken
place. Any major changes to the IntraPort’s configuration (such as
changing its IP address) will mean that the IntraPort and the
ACE/Server will no longer be able to communicate. To get around
this, simply uncheck the Sent Node Secret checkbox on the
ACE/Server and issue the reset securid secret command in the
IntraPort. Remember to save the changes to both devices. The two
devices will do a new secret exchange and will be able to communi-
cate again.