Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

SUMMARY: Contivity ES1000 and SecurID

From: lemke () Research Panasonic COM (Kennedy Lemke)
Date: Fri, 16 Apr 1999 19:38:08 -0400
Hi, everyone--this is a followup to my query of 3/18/99 about how
to get a Nortel Contivity box to talk to a Solaris SecurID server.
I'm not including the original long note or the responses I got
to save bandwidth, but will send to individuals if requested.

The solution to the problem of getting our Contivity ES1000 box
to talk to our SecurID server software was in understanding that
there is an additional piece of software (a RADIUS server) that
sits between the contivity box and the securid server.  To
authenticate a user via SecurID, the contivity box forwards an
authentication query to a RADIUS server, which then talks to the
aceserver.

I was unclear precisely what a RADIUS server was or how to implement
one, so special thanks to Chris Carlson for explaining it to me.

The solution I implemented was to get the latest version of the
software for the Contivity box (version 2_10.06) from Nortel, then
the latest version of the SecurID aceserver software from Security
Dynamics (version 3.3), which includes a RADIUS server for no extra
licensing charge.

It presumably would have also been possible to install a separate
RADIUS server software product elsewhere on the network (some free
implementations are available I believe), but I decided to use SDI's
built-in server to try to reduce the number of different machines/vendors
for this project.

Bottom line is that our Contivity ES1000 VPN box is up and running
and functioning as expected using SDI's RADIUS server in addition
to their SecurID aceserver user authentication scheme (which we also
use for dialin access).  Thanks to all who responded.

 _____ _______ _____    Kennedy Lemke
|  __ \__   __|_   _|   Computer Systems Manager
| |__) | | |    | |     UNIX && TCP/IP Network administrator
|  ___/  | |    | |     Postmaster && Webmaster && News administrator
| |      | |   _| |_    Panasonic Technologies, Inc.
|_|      |_|  |_____|   2 Research Way
Work: (609) 734-7329    Princeton, New Jersey  08540-6628
Fax:  (609) 987-8827    Email: lemke () Research Panasonic COM
Previous By Date Next
Previous By Thread Next

Current thread: