Firewall Wizards mailing list archives
Re: VPN through DSL
From: Yang Lee <ylee () net50 com>
Date: Wed, 13 Mar 2002 13:37:15 -0500 (EST)
Your company may be using Radius+securID for VPN authentication. The normal way of laying this out is like:

VPN client (Nortel Extranet client) -> VPN Gateway (Nortel VPN Gateway) <-> Authentication Server (Radius/Tacacs) <-> Token Server (securID)

Basically, your office VPN is using central Radius or Tacacs for remote authentication. The reason to use securID is that it's more secure than a normal password. You can say that it's a dynamic password authentication device. Note that some companies' VPN solutions skip the Authentication Server layer described above. The pros and cons are not within our discussion range.

From your messages, it seems that your securID account is disabled. By default, after 10 consecutive failed login attempts, the securID server will disable your account automatically (evasion-of-attack). In order to enable it, you have to contact your securID server administrator.

Since the whole process involves many links, you may try to identify where it's broken. I'll try to make sure that somebody else can connect to the same VPN gateway from another place using securID. From my experience, some type of Nortel VPN gateway has a bug implementing direct securID support. Also, you may double check your network connection by pinging the VPN gateway. And you may also want to make sure the VPN ports are not blocked if there is any firewall/ACL between your VPN client and VPN gateway.

Hope this helps. Good luck.

############################################
#Yang Lee                                  #
#Sr. Internet Security Engineer, Net2phone #
#Tel. 973-412-3556                         #
#Email. ylee () net2phone com              #
#                                          #
#                                          #
#Disclaimer:                               #
#My opinion here does not represent my     #
#employer's in any way                     #
#                                          #
############################################

On Tue, 12 Mar 2002, Neverdowski wrote:

I am desperate. I have been trying to connect to my office's VPN through my DSL connection at home for months now. In order to connect to my VPN, my office has provided an RSA SecurID token, which generates a random passcode at periodic intervals. I installed the Nortel Extranet client required by my office to connect and I run it after I have already established a DSL connection to the internet (with Enternet 300). However, the Extranet client always tells me that my login was unsuccessful, check my id and password. I have done so, and each time, my office says that both are in working order.

I then contacted my ISP, who supplied the Enternet 300 software with which I establish my connection to the internet. They are clueless (Southwestern Bell - go figure). If I look at the details of my connection within the Enternet 300 software, I see "SecurID disabled". No one can tell me why it says this, or how to enable SecurID. The furthest I got with any of the techs who tried to help was to run Tracert, which showed that everything was peachy until we hit the tenth address which states "Request timed out", even though the 11th-14th still return replies (with the 14th being the address I want to reach).

Someone at one point suggested I get a router. Is that my only option? Why would having a router on the external DSL modem on my home PC help?

Any suggestions, help etc. would be greatly appreciated.

Thanks,
Stephanie

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards