Web configuration when the SVN3000 is interconnected with the RSA SecurID server
1. In the Virtual Gateway List navigation tree, unfold the node. Click Configure Authentication and Authorization. Select the Configure Authentication and Authorization Server tab. The Configure Authentication and Authorization Server page is displayed.
2. Select SecurID Server to configure the SecurID server.
3. Enter the IP address of the master SecurID server in Master server IP address. Do not modify the IP address of the SecurID server if you log in to the virtual gateway by using the SecurID authentication and authorization.
4. Enter the port number of the master SecurID server in Master server port. The port number must be enabled on the SecurID server. Generally, the SecurID server uses port 1812, and other servers use port 1645.
5. Enter the IP address of the slave SecurID server in Slave server IP address.
6. Enter the port number of the slave SecurID server in Slave server port.
7. Enter the period of time in Server response timeout. When the server does not respond within the specified time, the packet is retransmitted. If the packet is retransmitted for the number of times as specified in Server retransmission times and the server still does not respond, the authentication and authorization fail. The client will receive higher level authentication.
8. Enter the maximum number of times in Server retransmission times.
9. Select the group filtering field in Group filtering field. The SVN3000 uses the group filtering field value as the group name for authorization. The group filtering filed must be configured in accordance with the Class or Filter-ID filed on the SecurID server. Otherwise, the authorization may fail. The SVN3000 can use a maximum of four Class or Filter-ID attributes for authorization. The excessive attributes are discarded. For example, if a SecurID user that belongs to more than four SecurID groups log in to the SVN3000, the excessive group attributes are be discarded.
10. Enter the shared key of the SecurID server in Shared key. The key is shared between the SVN3000 and the SecurID server to encrypt transmission data. The shared key must be identical with that on the SecurID server. You need to obtain the key from the administrator of the SecurID server. Re-enter the shared key in Re-enter shared key.
11. Click Submit.
12. Add a SecurID group. In the navigation tree, click External Group Configuration. Select SecurID Group Management. Click Add. Add the external group named test_. Click Add.
13. Import user account test_1. No password is required.
14. In the Virtual Gateway List navigation tree, unfold the node. Set the authentication mode to SecurID and authorization mode to VPNDB. Click OK.
Enter the user name test_1 and the password obtained from the RSA terminal in real time. The authentication succeeds.