Authenticating Service Logins With Access Security Gateway (Asg) Authentication; Enabling Asg Authentication - Avaya G250 Administration Manual
Media gateways
Hide thumbs
Also See for G250:
- Reference (812 pages) ,
- Administration (720 pages) ,
- Maintenance manual (310 pages)
Table of Contents
Advertisement
Accessing the Avaya G250/G350 Media Gateway
Authenticating service logins with Access Security Gateway
(ASG) authentication
The gateway supports ASG authentication for remote service logins. Direct remote connection
of services to the gateway is needed for gateways that are under service contract, do not have
LSPs, and are controlled by external MGCs. ASG is a more secure authentication method than
password authentication and does not require a static password.
ASG uses one-time tokens for authentication, in which a unique secret key is associated with
each login. ASG authentication is a challenge-response system, in which the remote user
receives a challenge from the gateway and returns an ASG authenticated response, which the
gateway verifies before permitting access. A new challenge is used for each access attempt.
ASG authentication is supported for remote services connecting to the gateway using telnet or
SSH protocols via any of the following:
Dial-up modem connected to the USB or Console port
●
Frame relay or leased line
●
Secure gateway VPN
●
Direct connection to the front panel Console port using the "craft" login
●
When ASG authentication is enabled on the G350, the G350 recognizes any login attempts
using Avaya Services reserved usernames as service logins, and requests ASG authentication
from the user, instead of a static user password.
The following usernames are reserved for Avaya Services usage: rasaccess, sroot, init,
inads, and craft.
When ASG authentication is enabled on the G350, all password user accounts with usernames
similar to the reserved service logins are deactivated.
Enabling ASG authentication
ASG authentication can be enabled and disabled on the gateway and requires an ASG
authentication file. The ASG authentication file contains Avaya Services accounts for
authenticating users at login as members of Avaya Services.
1. Download the ASG authentication file for the gateway from the Authentication File System
(AFS) application on the RFA information page to an FTP, SCP, or TFTP server, as
described in Installing and Upgrading the Avaya G250 Media Gateway, 03-300434 and
Installing and Upgrading the Avaya G350 Media Gateway, 03-300394.
2. Download the authentication file from the FTP, SCP, or TFTP server to the gateway. Use
one of the following commands:
To download an authentication file from a remote FTP server: copy ftp auth-file
●
filename ip, where filename is the name of the authentication file, including the
54 Administration for the Avaya G250 and Avaya G350 Media Gateways
Advertisement
Table of Contents
