Could somebody explain how tokens fit into the VPN world? We currently use Citrix XenApp as our remote access solution and it works very well. But we're considering adding an additional layer of security with tokens. We're not in the SecurID price range but something like SafeWord looks good. To complicate matters, we're also looking at establishing a VPN to allow both direct network access and Citrix. I understand how VPN works in theory and for us, this box looks ideal:


But I'm not sure if this solution would fit in with a token system. I suppose I'm asking what are all the bits in a token-based VPN solution? What boxes and bits of software usually make up the blend?

Cheers, Rob.

Rob Nicholson

2 Answers


A minor correction to "radius": most of the "big name" (and quite a lot of the not-so-big) VPN vendors support the RSA SecurID protocol natively. That means integration with SecurID is (mostly) a case of configuring the VPN device with the necessary information to locate the SecurID servers (that's contained in what RSA calls the "sdconf.rec" file).

You load it up in the VPN box and off you go.

Of course, using RADIUS is also an option, but you don't have to stand up a separate RADIUS server, as the Authentication Manager server comes bundled with a cut-down RADIUS server precisely to be able to "talk" RADIUS with the devices that don't support the SecurID protocol natively (other times it's been called ACE or SID).

For more information and detailed configuration guides, RSA publishes guides to all certified products (i.e., those that have gone through a certification process, but many more work with SecurID fine), on the site http://www.rsasecured.com

Hope this helps


For SecurID you have to install a RADIUS server, then just configure your VPN concentrator to use this RADIUS server.
I guess that SafeWord works in the same way; I don't see how it could work another way.
As the spec of the concentrator says that it supports RADIUS ("Supports multiple backend user repositories, including Microsoft Active Directory, LDAP & RADIUS"), it should be OK.
Just ask SafeWord if they use a RADIUS server.

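The RADIUS path discussed in the answers, shown as an added example (not code from either answer or from any vendor): the RFC 2865 Access-Request a VPN concentrator sends to the token server's RADIUS service, carrying the user name and the token passcode in a hidden User-Password attribute. The function names, shared secret, user name, NAS identifier and passcode are constructed for illustration.

```python
import hashlib
import os
import struct

# RFC 2865 packet code and attribute type numbers
ACCESS_REQUEST, USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 1, 2, 32


def hide_password(passcode: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = passcode + b"\x00" * (-len(passcode) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does before checking the passcode with the token backend."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """Type-length-value encoding; the length byte covers the 2-byte header too."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, user, passcode, secret, nas_id, authenticator=None):
    """Packet the VPN device (the RADIUS client, or NAS) sends over UDP."""
    authenticator = authenticator or os.urandom(16)  # must be unpredictable per request
    hidden = hide_password(passcode.encode(), secret, authenticator)
    attrs = (attr(USER_NAME, user.encode()) + attr(USER_PASSWORD, hidden)
             + attr(NAS_IDENTIFIER, nas_id.encode()))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Split the attribute section (after the 20-byte header) into {type: value}."""
    attrs, pos = {}, 20
    while pos < len(packet):
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs
```

The passcode is protected only by the shared secret and MD5, so each VPN device should get its own long random secret and the RADIUS traffic should stay on a trusted network segment.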