Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RADIUS question

0 views
Skip to first unread message

SLaw

unread,
Nov 24, 2003, 9:45:51 AM11/24/03
to
Hi,

As tech support people we're hoping to make us of broadband internet access
to access our network in the evenings weekends. We currently have a dial up
VPN option using SecureID authentication that provides a basic IP connection
to our network, but it's so damned slow... so I'm trying to come up with
another way. The only security stipulation is that SecureID authentication
using our Ace server system must be involved.

I understand that Bordermanager/NMAS can handle the SecureID aspect, but I'm
not clear on whether I can do this using a standard VPN connection across
the internet to Bordermanager, or whether I have to use RADIUS. Can I
configure RADIUS to accept incoming connections from the internet? Do I need
to involve RADIUS? What would be the simplest way to achieve this?

We have BM3.7 on a NW6 SP3 server. We have a seperate firewall that's not
Bordermanager-based (not sure what it is).


Thanks,


Steve Law


Scott Kiester

unread,
Nov 24, 2003, 11:48:15 AM11/24/03
to
BorderManager 3.7 does not use NMAS, but you can make it work with SecurID.
You don't need to use the BMAS RADIUS server.

You'll need to configure an "External Login Service." You'll also need to
configure the RADIUS daemon on your RSA ACE/Server, and configure your
BorderManager VPN server as a RADIUS client on the ACE/Server. The External
Login Service is a RADIUS client that you can configure to authenticate
users against an external RADIUS server for any of the BorderManager
services.

Using NWAdmin, you'll need to create an External Login Service container. If
I remember correctly, there is an NWAdmin property page for this container
that will allow you to enter the IP address and shared secret for your RSA
ACE/Server. You'll also need to create a login rule for VPN to use the
External Login Service. Login rules are configured on the Login Policy
Object in the Security container. There should be a specific set of steps
for doing this included somewhere in the BorderManager 3.7 documentation.

>>> SLaw<SL...@novell.com> 11/24/2003 7:45:51 AM >>>

SLaw

unread,
Nov 28, 2003, 4:54:28 AM11/28/03
to
Hi Scott,

Thanks for detailed answer. Think I have found the related Bordermanager
docs, I'll give it a go.


Steve Law


"Scott Kiester" <SKie...@NOSPAM.novell.com> wrote in message
news:jDqwb.8749$I04....@prv-forum2.provo.novell.com...

0 new messages