
Several questions about Identity Awareness in VPN

Hi all,

1. Identity Awareness VPN: when a client dials in to the GW, which one authenticates with AD, the GW or the SMC? Or does the GW cache the authentication locally?
2. How do we configure two-factor authentication in VPN? If I want the other factor to be OTP in Mobile Access VPN, does CP only support RSA?
3. Can we configure two-factor authentication only on the RADIUS server?

Best Regards!

Admin

Re: Several questions about Identity Awareness in VPN

In general, if you want to configure multi-factor authentication, RADIUS is the mechanism to do it.

Legacy SecurID is also supported, but even SecurID uses RADIUS these days.

The authentication occurs between the gateway and the RADIUS (or SecurID) server.

If you want to require multiple authentication schemes (e.g. Certificates plus Password, be it with RADIUS or whatever), then refer to: Multiple Authentication Schemes for Mobile Access / Remote Access 


Re: Several questions about Identity Awareness in VPN

We want to use two-factor authentication in our production environment, Mobile Access VPN and Endpoint Security VPN. Which combinations need a client license? THX!

Admin

Re: Several questions about Identity Awareness in VPN

Mobile Access VPN uses Mobile Access licenses, which are based on the number of concurrent users connected to the gateway.

Endpoint Security VPN requires Endpoint licenses, which are based on the number of hosts installed.

The authentication you use isn't relevant to the above. 

Re: Several questions about Identity Awareness in VPN

OK, THX! Another question about IA+VPN: CP cooperates with a RADIUS server (which cooperates with LDAP+OTP), and in the VPN authentication login we want to enter:

username: LDAP username

PSW: LDAPpsw+OTP

Is this possible in CP?

Admin

Re: Several questions about Identity Awareness in VPN

The SK I linked in my original response explains how the VPN client supports multiple authentication schemes (specifically how to require more than one).