VPN Concentrator with RSA 2 Factor

murphyw · ‎04-21-2007

I am wondering if anyone here has installed RSA Authentication Manager/SecurID with a VPN Concentrator ? Its doin' mi head in and i would really appreciate some assistance.

I have added the SDI Authentication Server into the VPN Concentrator however when i click on test and give it a username/password i keep getting errors which are not making sense. I have searched everywhere but cannot find anything. Arggg.

Can anyone please point me in the right direction. Below are the errors for the VPN Concentrators Log

"1 04/21/2007 15:59:48.630 SEV=5 AUTHDBG/181 RPT=4

Node secret file AC1F5555.sdi not found. Requesting node secret

file from the SDI server ...

3 04/21/2007 15:59:56.600 SEV=5 AUTH/44 RPT=19

Unexpected SDI status value: 23

4 04/21/2007 15:59:56.600 SEV=4 AUTH/15 RPT=39

Server name = 172.*.*.*, type = SDI,

group = none (global server), status = Not-in-service

6 04/21/2007 15:59:56.600 SEV=4 AUTH/9 RPT=19

Authentication failed: Reason = Network error

handle = 240, server = 172.*.*.*, user = murphyw"

Richard Burts · ‎04-24-2007

Wayne

I work with a concentrator which uses RSA tokens for authentication (though I was not the one who installed it). My first guess is that there is a mismatch in configuration (either your concentrator is not pointed at the correct address for the RSA server or the RSA server does not have the correct address for your concentrator). If you believe that the addresses are correct, then my second guess would be that there might be a shared key mismatch between what you configured on the concentrator and what someone configured on the RSA server. And if you believe that both the addresses and the key are correct, then my other suggestion (based on experience) would be to have the administrator on the RSA server delete the node secret for your concentrator and have it rebuilt.

Try those and let us know if it helps.

HTH

Rick

HTH

Rick

m1k3w2002 · ‎05-01-2007

Did you add the VPN as an agent host in SecuriD?