Nortel 3050 Implementation Manual

VPN Gateway RSA SecurID Ready Implementation Guide

Nortel Networks
VPN Gateway 3050
RSA SecurID Ready Implementation Guide
Last Modified: March 14, 2008

Partner Information
Product Information
Partner Name: Nortel Networks
Web Site: www.nortelnetworks.com
Product Name: VPN Gateway 3050
Version & Platform: 7.0.1.0
Product Description: The Nortel Networks VPN Gateway 3050 is a remote access security solution that extends the reach of enterprise applications and resources to remote users. The gateway performs on-the-fly content transformation to instantly convert most intranet resources into externally-viewable, secure HTML pages and employs an advanced network address and port translation (NAPT) utility to build SSL-secured VPN tunnels for client/server communications.
Product Category: Perimeter Defense (VPN, Firewalls & Intrusion Detection)

Summary of Contents for Nortel 3050

  • Page 1 Version & Platform 7.0.1.0 Product Description The Nortel Networks VPN Gateway 3050 is a remote access security solution that extends the reach of enterprise applications and resources to remote users. The gateway performs on-the-fly content transformation to instantly convert most intranet resources...
  • Page 2: Solution Summary

    The Nortel Networks VPN Gateway 3050 is a remote access security solution that extends the reach of enterprise applications and resources to remote employees, partners, and customers. By using the native capability of widely deployed Web browsers, the SSL VPN Gateway offers a convenient clientless alternative for securely provisioning resources for remote users, without the need to install and manage client tunneling software on their PCs.
  • Page 3: Product Requirements

    Partner Product Requirements: Nortel VPN Gateway 3050 Firmware Version 7.0.1.0 Hardware Platform Platform Required Patches VPN 3050, ASA 310, ASA 410, ASA 310 FIPS Additional Software Requirements Application Additional Patches Internet Explorer 5.0, 5.5 and 6.0 RSA SecurID files...
  • Page 4 RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database and the RADIUS server database if using RADIUS. The Agent Host record identifies the Nortel VPN Gateway within its database and contains information about communication and encryption.
  • Page 5: Before You Begin

    Administrative tasks can be performed in the Command Line Interface (CLI) as well as the Web Administration GUI. All configuration steps and screenshots in this guide will refer to GUI administration. Please refer to Nortel Administrative documentation for more complete details on CLI and GUI Administration tasks.
  • Page 6: Creating and Configuring an RSA SecurID or RADIUS User Group

    From the admin console, expand VPN Gateways and click Add to add a VPN Gateway. Click Create VPN. Now click on the VPN Gateway you just created and click on Groups. Click on the button Add New Group.
  • Page 7: Configure the RSA Server record

    Open the Management Interface (MIP) of the Nortel VPN Gateway using a web browser. Authenticate with an administrative user account and select the Config tab. From the SSL-VPN admin menu select the Administration > RSA Servers item.
  • Page 8: Configuring the RADIUS Authentication Servers

    From the admin console, select VPN Gateways > Authentication. Click Add. Enter information for the Authentication Server such as Name and Display Name. The Authentication Mechanism will be RADIUS. Then click update to complete additional RADIUS authentication options. Select the Servers tab and click Add.
  • Page 9: Configuring RADIUS Authentication Servers for Administrative Access

    From the admin console, select Administration > RADIUS. Click Add. Enter information for the RADIUS Authentication Server. Click update. Enable authentication by selecting enabled for RADIUS Authentication Status. Click update then Apply. NEW-PIN mode does not work via the admin console. See the Known issues section of this guide for more information.
  • Page 10: Testing The Configuration

    Open a web browser and point to the portal address. For user credentials enter a SecurID username and Passcode. From the Login Service list select your RSA SecurID or RSA RADIUS challenge group. Click Login to authenticate and enter the Portal Server. Note: The user name does not need to exist on the VPN Gateway 3050 in order to be authenticated.
  • Page 11 Certification Checklist Date Tested: September 26, 2007 Certification Environment Product Name Version Information Operating System RSA Authentication Manager Windows 2003 Server RSA RADIUS Server Windows 2003 Server VPN Gateway 3050 7.0.1.0 IOS Router Mandatory Functionality RSA Native Protocol RADIUS Protocol New PIN Mode Force Authentication After New PIN Force Authentication After New PIN...
  • Page 12 Certification Checklist For RSA Authentication Manager 7.x Date Tested: March 14, 2008 Certification Environment Product Name Version Information Operating System Windows 2003 RSA Authentication Manager RSA RADIUS Server Windows 2003 VPN Gateway 3050 7.0.1.0 IOS Router Mandatory Functionality RSA Native Protocol RADIUS Protocol New PIN Mode Force Authentication After New PIN...
  • Page 13: Known Issues

    PIN Rejection: When a PIN is rejected by the Authentication Manager Server the user is questioned by the client to try a different PIN but the program flow is not intuitive. The user first authenticates using either Token or Password. The user is next prompted to create a new PIN. The user must re-enter the new PIN to validate input from the previous step.
  • Page 14 Administration Logon. NEW-PIN mode does not work via the admin console. The user is prompted to create or accept a PIN but the PIN never gets sent to the server and the user gets redirected to a blank web page.
  • Page 15: Appendix

    Delete Node Secret: Navigate to Config > Administration > RSA Servers and click on the link for the RSA Authentication Server Label you created. Click the button labeled Remove Node Secret.
    Remove sdconf.rec and sdstatus.12: Navigate to Config > Administration > RSA Servers. Check the box for the RSA Authentication Server Label you created.
