Q

How do I connect to our VPN with authentication ID?

Learn how to connect wireless laptops to your VPN using a SecurID authentication and Nortel Contivity VPN gateway in this Q&A with wireless expert Lisa Phifer.

I would like to connect wireless laptops to our VPN using a Nortel Contivity VPN gateway and RSA SecurID authentication. The catch is that the switch requires a group ID and password as well, and I'm not sure where to place those credentials in the SoftRemote Client in order to connect to this VPN

The Nortel VPN gateway uses XAUTH for RSE SecurID user authentication. XAUTH is an extension to standard IKE authentication that occurs after phase one pre-shared key authentication, before phase two IPsec tunnel establishment. Therefore, you should follow your VPN client's instructions for configuring a pre-shared key (not a certificate).

In SoftRemote, under the Phase 1 branch of the VPN gateway's configuration, choose Authentication Method = Pre-Shared Key; Extended Authentication. Then enter the Nortel's Group ID and password by clicking on the My Identity configuration. Choose ID Type = Domain Name, enter the Group ID in the field beneath ID Type, and then click on Pre-Shared Key to enter your Nortel's VPN gateway's password.

The wireless user will be prompted to enter his or her SecurID one-time password after IKE phase one authentication is successful using that pre-shared key. This ensures that a laptop with an installed VPN client and saved pre-shared key cannot be used to break into the VPN without the user's SecurID token.

This was first published in July 2007

Dig deeper on WLAN Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close