[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    [Sidewinder] VPN authentication
From:       sidewinder-admin () adeptech ! com
Date:       2003-12-10 14:14:00
[Download RAW message or body]

I seem to recall that the securid file doesn't get created until the first
time you authenticate.  It is also pretty easy to get it out of sync between
the RSA SecurID server and the Sidewinder SecurID client.  If you regenerate
the authenticator on the SecurID server, you have to delete (or better yet,
rename) /etc/sidewinder/warder/securid.  Then, (if I remember correctly),
the next time it authenticates, it will generate a new one.  (It was either
that or you had to transfer it manually, but I don't recall doing that).

Before testing the VPN client, we tested authentication using the COBRA GUI
to make sure tat the SecurID part was working.

JRJ

-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Tuesday, December 09, 2003 11:00 AM
To: sidewinder@adeptech.com
Subject: Sidewinder digest, Vol 1 #457 - 1 msg


Today's Topics:

   1. RE: Sidewinder digest, Vol 1 #456 - 1 msg
(sidewinder-admin@adeptech.com)

--__--__--

Message: 1
Date: Tue, 9 Dec 2003 10:53:16 +0000
To: sidewinder@adeptech.com
From: sidewinder-admin@adeptech.com
Reply-To: sidewinder@adeptech.com
Subject: [Sidewinder] RE: Sidewinder digest, Vol 1 #456 - 1 msg

I have managed to do this successfully once, and also had one failure!

If you have successfully set-up SecurID under Services ->
Authentication, you should be able to run the 'clientchk' command on
Sidewinder, this will show you the contents of the SDCONF.REC which
should allow you to ensure that the correct Client Name and IP addresses
have been specified.
Then check in the /etc/sidewinder/warders directory and ensure you have
a 'securid' file, and that Sidewinder can successfully 'see' the SecurID
box, ping it by hostname as well as IP address.

Once all that is working, on the VPN Configuration -> ISAKMP Server
section under Available Authentication Methods check SecurID and make it
the Default in the drop down list box (if it isn't already).
NOW On the VPN Configuration -> Security Associations section check the
box for 'Require Extended Authentication' on the Authentication Tab, for
all the SA's you want to use SecurID.

That should be it for the Sidewinder end of the link.  Finally on the
SoftRemote end you need to specify on Authentication Phase1 -> Proposal
1 (or whatever you've called the proposal) RSA Signatures; Extended
Authentication OR Pre-Shared Key; Extended Authentication if you're
using a pre-shared key!

Hope this is what you needed.  When it works, it works pretty easily,
when it doesn't it's a bit of a nightmare.  My failure is still not
working, and there is definitely something weird going on between
Sidewinder and SecurID, but as we are not SecurID experts I have had to
call it a day!


Adam Thompson




Message: 1
Date: Fri, 05 Dec 2003 15:00:44 +0000
Organization: Volt Europe
To: sidewinder@adeptech.com
From: sidewinder-admin@adeptech.com
Reply-To: sidewinder@adeptech.com
Subject: [Sidewinder] VPN authentication

Hi,

I am trying to set up Safenet VPN clients to connect to our Sidewinder
(V5.2) to be authenticated via RSA SecurID.
So far, I have not found any way to do this; does anybody know whether
it can be done and how?

Thanks

Pete Dewell
--

Technical Support/Analyst
Volt Europe
Tel    : (+44) (0) 1737 774100
Fax    : (+44) (0) 1737 772949
Mobile : (+44) (0)  777 1513066
E-mail  pete.dewell@volteurope.com


*****************************************************
Adam Thompson
Clearview Systems
Tel: 020 82162300
Fax: 020 82162301
Home Page: http://www.clearview.co.uk/
*****************************************************




--__--__--

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder


End of Sidewinder Digest
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic